synss / python-mbedtls Goto Github PK
View Code? Open in Web Editor NEWCryptographic library with an mbed TLS back end
License: MIT License
Cryptographic library with an mbed TLS back end
License: MIT License
Upgrading mbedtls to latest stable version 3.0.0 causes compatibility issues with python-mbedtls.
Building wheels for package results in error
build/3.9.6/temp.macosx-10.15-x86_64-3.9/pyrex/mbedtls/mpi.c:4343:36: error: implicit declaration of function 'mbedtls_mpi_is_prime' is invalid in C99 [-Werror,-Wimplicit-function-declaration]
__pyx_t_2 = __Pyx_PyInt_From_int(mbedtls_mpi_is_prime((&__pyx_v_self->_ctx), (&mbedtls_ctr_drbg_random), (&__pyx_v_7mbedtls_3mpi___rng->_ctx))); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 126, __pyx_L1_error)
^
build/3.9.6/temp.macosx-10.15-x86_64-3.9/pyrex/mbedtls/mpi.c:4343:36: note: did you mean 'mbedtls_mpi_gen_prime'?
/usr/local/include/mbedtls/bignum.h:1002:5: note: 'mbedtls_mpi_gen_prime' declared here
int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int flags,
^
1 error generated.
❯ env LDFLAGS="-I/usr/local/Cellar/mbedtls/3.0.0/include -L/usr/local/Cellar/mbedtls/3.0.0/lib" pip3 install python-mbedtls --no-cache-dir Looking in indexes: https://pypi.org/simple, https://pypi%40dronetag.cz:****@pypi.dronetag.cz/ Collecting python-mbedtls Downloading python-mbedtls-1.5.1.tar.gz (122 kB) |████████████████████████████████| 122 kB 3.3 MB/s Installing build dependencies ... done Getting requirements to build wheel ... done Installing backend dependencies ... done Preparing wheel metadata ... done Requirement already satisfied: certifi in /usr/local/lib/python3.9/site-packages (from python-mbedtls) (2021.5.30) Building wheels for collected packages: python-mbedtls Building wheel for python-mbedtls (PEP 517) ... error ERROR: Command errored out with exit status 1: command: /usr/local/opt/[email protected]/bin/python3.9 /usr/local/lib/python3.9/site-packages/pip/_vendor/pep517/in_process/_in_process.py build_wheel /var/folders/nr/d4vr6w_97gg039v6gxyfrzkw0000gn/T/tmp9e4wj54w cwd: /private/var/folders/nr/d4vr6w_97gg039v6gxyfrzkw0000gn/T/pip-install-ltzuoka5/python-mbedtls_51fd5414c21142678e58258c68a1a045 Complete output (61 lines): loading: '/usr/local/lib/libmbedtls.dylib' mbedtls version: mbed TLS 3.0.0 python-mbedtls version: 1.5.1running bdist_wheel running build running build_py creating build creating build/3.9.6 creating build/3.9.6/lib.macosx-10.15-x86_64-3.9 creating build/3.9.6/lib.macosx-10.15-x86_64-3.9/mbedtls copying src/mbedtls/hashlib.py -> build/3.9.6/lib.macosx-10.15-x86_64-3.9/mbedtls copying src/mbedtls/__init__.py -> build/3.9.6/lib.macosx-10.15-x86_64-3.9/mbedtls copying src/mbedtls/secrets.py -> build/3.9.6/lib.macosx-10.15-x86_64-3.9/mbedtls copying src/mbedtls/hmac.py -> build/3.9.6/lib.macosx-10.15-x86_64-3.9/mbedtls creating build/3.9.6/lib.macosx-10.15-x86_64-3.9/mbedtls/cipher copying src/mbedtls/cipher/ARIA.py -> build/3.9.6/lib.macosx-10.15-x86_64-3.9/mbedtls/cipher copying src/mbedtls/cipher/ARC4.py -> build/3.9.6/lib.macosx-10.15-x86_64-3.9/mbedtls/cipher copying src/mbedtls/cipher/AES.py -> build/3.9.6/lib.macosx-10.15-x86_64-3.9/mbedtls/cipher copying src/mbedtls/cipher/__init__.py -> build/3.9.6/lib.macosx-10.15-x86_64-3.9/mbedtls/cipher copying src/mbedtls/cipher/DES3.py -> build/3.9.6/lib.macosx-10.15-x86_64-3.9/mbedtls/cipher copying src/mbedtls/cipher/Camellia.py -> build/3.9.6/lib.macosx-10.15-x86_64-3.9/mbedtls/cipher copying src/mbedtls/cipher/CHACHA20.py -> build/3.9.6/lib.macosx-10.15-x86_64-3.9/mbedtls/cipher copying src/mbedtls/cipher/Blowfish.py -> build/3.9.6/lib.macosx-10.15-x86_64-3.9/mbedtls/cipher copying src/mbedtls/cipher/DES3dbl.py -> build/3.9.6/lib.macosx-10.15-x86_64-3.9/mbedtls/cipher copying src/mbedtls/cipher/DES.py -> build/3.9.6/lib.macosx-10.15-x86_64-3.9/mbedtls/cipher running build_ext cythoning src/mbedtls/_platform.pyx to build/3.9.6/temp.macosx-10.15-x86_64-3.9/pyrex/mbedtls/_platform.c creating build/3.9.6/temp.macosx-10.15-x86_64-3.9 creating build/3.9.6/temp.macosx-10.15-x86_64-3.9/pyrex creating build/3.9.6/temp.macosx-10.15-x86_64-3.9/pyrex/mbedtls cythoning src/mbedtls/mpi.pyx to build/3.9.6/temp.macosx-10.15-x86_64-3.9/pyrex/mbedtls/mpi.c cythoning src/mbedtls/pk.pyx to build/3.9.6/temp.macosx-10.15-x86_64-3.9/pyrex/mbedtls/pk.c cythoning src/mbedtls/tls.pyx to build/3.9.6/temp.macosx-10.15-x86_64-3.9/pyrex/mbedtls/tls.c cythoning src/mbedtls/version.pyx to build/3.9.6/temp.macosx-10.15-x86_64-3.9/pyrex/mbedtls/version.c cythoning src/mbedtls/_random.pyx to build/3.9.6/temp.macosx-10.15-x86_64-3.9/pyrex/mbedtls/_random.c cythoning src/mbedtls/hkdf.pyx to build/3.9.6/temp.macosx-10.15-x86_64-3.9/pyrex/mbedtls/hkdf.c cythoning src/mbedtls/x509.pyx to build/3.9.6/temp.macosx-10.15-x86_64-3.9/pyrex/mbedtls/x509.c cythoning src/mbedtls/exceptions.pyx to build/3.9.6/temp.macosx-10.15-x86_64-3.9/pyrex/mbedtls/exceptions.c cythoning src/mbedtls/_ringbuf.pyx to build/3.9.6/temp.macosx-10.15-x86_64-3.9/pyrex/mbedtls/_ringbuf.c cythoning src/mbedtls/_md.pyx to build/3.9.6/temp.macosx-10.15-x86_64-3.9/pyrex/mbedtls/_md.c cythoning src/mbedtls/cipher/_cipher.pyx to build/3.9.6/temp.macosx-10.15-x86_64-3.9/pyrex/mbedtls/cipher/_cipher.c creating build/3.9.6/temp.macosx-10.15-x86_64-3.9/pyrex/mbedtls/cipher building 'mbedtls._platform' extension creating build/3.9.6/temp.macosx-10.15-x86_64-3.9/build creating build/3.9.6/temp.macosx-10.15-x86_64-3.9/build/3.9.6 creating build/3.9.6/temp.macosx-10.15-x86_64-3.9/build/3.9.6/temp.macosx-10.15-x86_64-3.9 creating build/3.9.6/temp.macosx-10.15-x86_64-3.9/build/3.9.6/temp.macosx-10.15-x86_64-3.9/pyrex creating build/3.9.6/temp.macosx-10.15-x86_64-3.9/build/3.9.6/temp.macosx-10.15-x86_64-3.9/pyrex/mbedtls clang -Wno-unused-result -Wsign-compare -Wunreachable-code -fno-common -dynamic -DNDEBUG -g -fwrapv -O3 -Wall -isysroot /Library/Developer/CommandLineTools/SDKs/MacOSX10.15.sdk -I/usr/local/include -I/usr/local/opt/[email protected]/include -I/usr/local/opt/sqlite/include -I/usr/local/Cellar/[email protected]/3.9.6/Frameworks/Python.framework/Versions/3.9/include/python3.9 -c build/3.9.6/temp.macosx-10.15-x86_64-3.9/pyrex/mbedtls/_platform.c -o build/3.9.6/temp.macosx-10.15-x86_64-3.9/build/3.9.6/temp.macosx-10.15-x86_64-3.9/pyrex/mbedtls/_platform.o clang -bundle -undefined dynamic_lookup -isysroot /Library/Developer/CommandLineTools/SDKs/MacOSX10.15.sdk -I/usr/local/Cellar/mbedtls/3.0.0/include -L/usr/local/Cellar/mbedtls/3.0.0/lib build/3.9.6/temp.macosx-10.15-x86_64-3.9/build/3.9.6/temp.macosx-10.15-x86_64-3.9/pyrex/mbedtls/_platform.o -L -L/usr/local/lib -L/usr/local/opt/[email protected]/lib -L/usr/local/opt/sqlite/lib -lmbedcrypto -lmbedtls -lmbedx509 -o build/3.9.6/lib.macosx-10.15-x86_64-3.9/mbedtls/_platform.cpython-39-darwin.so ld: warning: directory not found for option '-L-L/usr/local/lib' building 'mbedtls.mpi' extension clang -Wno-unused-result -Wsign-compare -Wunreachable-code -fno-common -dynamic -DNDEBUG -g -fwrapv -O3 -Wall -isysroot /Library/Developer/CommandLineTools/SDKs/MacOSX10.15.sdk -I/usr/local/include -I/usr/local/opt/[email protected]/include -I/usr/local/opt/sqlite/include -I/usr/local/Cellar/[email protected]/3.9.6/Frameworks/Python.framework/Versions/3.9/include/python3.9 -c build/3.9.6/temp.macosx-10.15-x86_64-3.9/pyrex/mbedtls/mpi.c -o build/3.9.6/temp.macosx-10.15-x86_64-3.9/build/3.9.6/temp.macosx-10.15-x86_64-3.9/pyrex/mbedtls/mpi.o build/3.9.6/temp.macosx-10.15-x86_64-3.9/pyrex/mbedtls/mpi.c:4343:36: error: implicit declaration of function 'mbedtls_mpi_is_prime' is invalid in C99 [-Werror,-Wimplicit-function-declaration] __pyx_t_2 = __Pyx_PyInt_From_int(mbedtls_mpi_is_prime((&__pyx_v_self->_ctx), (&mbedtls_ctr_drbg_random), (&__pyx_v_7mbedtls_3mpi___rng->_ctx))); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 126, __pyx_L1_error) ^ build/3.9.6/temp.macosx-10.15-x86_64-3.9/pyrex/mbedtls/mpi.c:4343:36: note: did you mean 'mbedtls_mpi_gen_prime'? /usr/local/include/mbedtls/bignum.h:1002:5: note: 'mbedtls_mpi_gen_prime' declared here int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int flags, ^ 1 error generated. error: command '/usr/bin/clang' failed with exit code 1 ---------------------------------------- ERROR: Failed building wheel for python-mbedtls Failed to build python-mbedtls ERROR: Could not build wheels for python-mbedtls which use PEP 517 and cannot be installed directly
Passing build or specification of maximum supported mbedtls version in README.md
macOS 10.15.7
Python 3.9.6
mbedtls 3.0.0 installed via brew
Hashing Module Level Design
[...]
Component overview
The Hashing module provides one-way hashing functions. Hashing functions are used to create a fixed-length representation of a block of data so that when the data changes the hash value does not match. The hash value is also known as a (message) digest.
A hashing function is generally used for creating a hash message authentication code (HMAC) when sending a message. Such a HMAC can be used in combination with a previously exchanged symmetric key as a message integrity and authentication control.
With this module you can thus:
- Create a hash value/message digest for a file, a stream or a buffer.
- Create a HMAC for a stream or a buffer.
Hello,
I believe I have encountered a bug that I want to bring to your attention.
When creating and saving a private key with python-mbedtls, the resulting file contains a large number of trailing null bytes:
For example:
'-----BEGIN EC PRIVATE KEY-----\n ... Regular EC Key content ... \n-----END EC PRIVATE KEY-----\n\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 ...... '
When removing those null bytes, the key can no longer be read. Furthermore, externally generated keys (i.e. with openssl) cannot be loaded. Reading such a file results in the error:
mbedtls.exceptions.TLSError: TLSError([0x3D62] 'PK - Invalid key tag or value : ASN1 - ASN1 tag was of an unexpected value')
I expected the key.export_key("PEM") function to generate a string containing just the PEM encoded key without any trailing bytes.
Furthermore, I expected to be able to load openssl generated keys.
The code I used to generate and save a key:
import mbedtls
key = mbedtls.pk.ECC()
_ = key.generate()
open("./key.pem", "w").write(key.export_key("PEM"))
The code I used to read a key:
import mbedtls
key = mbedtls.pk.ECC.from_file("./key.pem")
The above code works perfectly fine as long as the key was saved with the first code snippet and the null bytes are left in place. It fails however for openssl generated certificates and certificates with the null bytes removed.
Debian 11
Python 3.9.2
pyhton-mbedtls 2.5.1
mbed TLS 2.28.1
The file size seems to be always 7672 bytes. So perhaps a buffer of fixed size is written out and expected.
I truncated the string obtained from the export method with:
rstrip("\x00")
The following code makes the truncated certificate as well as openssl certificates parsable again:
import mbedtls
buf = open("./key.pem").read()
key = mbedtls.pk.ECC.from_PEM(buf.ljust(7672, "\x00"))
From a clean install of Ubuntu, I follow the instructions in the README.md, but it fails to install. I'm not sure what all you would need in order to reproduce the error. I only included the first part of the errors from the build. It looks like I'm missing some necessary libraries.
unflavored@ubuntu:/tmp/test$ python -V
Python 2.7.12
unflavored@ubuntu:/tmp/test$ virtualenv venv
Running virtualenv with interpreter /usr/bin/python2
New python executable in /tmp/test/venv/bin/python2
Also creating executable in /tmp/test/venv/bin/python
Installing setuptools, pkg_resources, pip, wheel...done.
unflavored@ubuntu:/tmp/test$ source venv/bin/activate
(venv) unflavored@ubuntu:/tmp/test$ python -m pip install python-mbedtls
Collecting python-mbedtls
Using cached python-mbedtls-0.8.tar.gz
Building wheels for collected packages: python-mbedtls
Running setup.py bdist_wheel for python-mbedtls: started
Running setup.py bdist_wheel for python-mbedtls: finished with status 'error'
Complete output from command /tmp/test/venv/bin/python -u -c "import setuptools, tokenize;__file__='/tmp/pip-build-90lU9g/python-mbedtls/setup.py';f=getattr(tokenize, 'open', open)(__file__);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, __file__, 'exec'))" bdist_wheel -d /tmp/tmpBunVKDpip-wheel- --python-tag cp27:
running bdist_wheel
running build
running build_ext
cythoning mbedtls/exceptions.pyx to mbedtls/exceptions.c
building 'mbedtls.exceptions' extension
creating build
creating build/temp.linux-x86_64-2.7
creating build/temp.linux-x86_64-2.7/mbedtls
x86_64-linux-gnu-gcc -pthread -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -fno-strict-aliasing -Wdate-time -D_FORTIFY_SOURCE=2 -g -fstack-protector-strong -Wformat -Werror=format-security -fPIC -I/usr/include/python2.7 -c mbedtls/exceptions.c -o build/temp.linux-x86_64-2.7/mbedtls/exceptions.o
creating build/lib.linux-x86_64-2.7
creating build/lib.linux-x86_64-2.7/mbedtls
x86_64-linux-gnu-gcc -pthread -shared -Wl,-O1 -Wl,-Bsymbolic-functions -Wl,-Bsymbolic-functions -Wl,-z,relro -fno-strict-aliasing -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -Wdate-time -D_FORTIFY_SOURCE=2 -g -fstack-protector-strong -Wformat -Werror=format-security -Wl,-Bsymbolic-functions -Wl,-z,relro -Wdate-time -D_FORTIFY_SOURCE=2 -g -fstack-protector-strong -Wformat -Werror=format-security build/temp.linux-x86_64-2.7/mbedtls/exceptions.o -lmbedtls -o build/lib.linux-x86_64-2.7/mbedtls/exceptions.so
cythoning mbedtls/random.pyx to mbedtls/random.c
building 'mbedtls.random' extension
x86_64-linux-gnu-gcc -pthread -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -fno-strict-aliasing -Wdate-time -D_FORTIFY_SOURCE=2 -g -fstack-protector-strong -Wformat -Werror=format-security -fPIC -I/usr/include/python2.7 -c mbedtls/random.c -o build/temp.linux-x86_64-2.7/mbedtls/random.o
x86_64-linux-gnu-gcc -pthread -shared -Wl,-O1 -Wl,-Bsymbolic-functions -Wl,-Bsymbolic-functions -Wl,-z,relro -fno-strict-aliasing -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -Wdate-time -D_FORTIFY_SOURCE=2 -g -fstack-protector-strong -Wformat -Werror=format-security -Wl,-Bsymbolic-functions -Wl,-z,relro -Wdate-time -D_FORTIFY_SOURCE=2 -g -fstack-protector-strong -Wformat -Werror=format-security build/temp.linux-x86_64-2.7/mbedtls/random.o -lmbedtls -o build/lib.linux-x86_64-2.7/mbedtls/random.so
cythoning mbedtls/hash.pyx to mbedtls/hash.c
building 'mbedtls.hash' extension
x86_64-linux-gnu-gcc -pthread -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -fno-strict-aliasing -Wdate-time -D_FORTIFY_SOURCE=2 -g -fstack-protector-strong -Wformat -Werror=format-security -fPIC -I/usr/include/python2.7 -c mbedtls/hash.c -o build/temp.linux-x86_64-2.7/mbedtls/hash.o
x86_64-linux-gnu-gcc -pthread -shared -Wl,-O1 -Wl,-Bsymbolic-functions -Wl,-Bsymbolic-functions -Wl,-z,relro -fno-strict-aliasing -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -Wdate-time -D_FORTIFY_SOURCE=2 -g -fstack-protector-strong -Wformat -Werror=format-security -Wl,-Bsymbolic-functions -Wl,-z,relro -Wdate-time -D_FORTIFY_SOURCE=2 -g -fstack-protector-strong -Wformat -Werror=format-security build/temp.linux-x86_64-2.7/mbedtls/hash.o -lmbedtls -o build/lib.linux-x86_64-2.7/mbedtls/hash.so
cythoning mbedtls/x509.pyx to mbedtls/x509.c
Error compiling Cython file:
------------------------------------------------------------
...
__copyright__ = "Copyright 2018, Mathias Laurin"
__license__ = "MIT License"
from libc.stdlib cimport malloc, free
cimport x509
^
------------------------------------------------------------
mbedtls/x509.pyx:9:8: 'mbedtls/x509.pxd' not found
Error compiling Cython file:
------------------------------------------------------------
...
from libc.stdlib cimport malloc, free
cimport x509
cimport mbedtls._mpi as _mpi
^
------------------------------------------------------------
mbedtls/x509.pyx:11:8: 'mbedtls/_mpi.pxd' not found
Error compiling Cython file:
------------------------------------------------------------
...
serial (int or bytes): The serial number.
"""
if not serial:
return
cdef _mpi.MPI ser = _mpi.MPI(serial)
^
------------------------------------------------------------
mbedtls/x509.pyx:180:13: 'MPI' is not a type identifier
Error compiling Cython file:
------------------------------------------------------------
...
return # Implementation detail.
self._from_buffer(bytearray(buffer))
...
NOTE: Please use stackoverflow for support questions.
This repository's issues are reserved for feature requests and bug reports.
in 2.3.0 executing ./server.py --dtls --debug 3 --port 9009 --address 149.28.170.96 --psk-store "CLI1=asecretkey","CLI2=Client_identity" gives:
_enable_debug_output(conf)
TypeError: Argument 'conf' has incorrect type (expected mbedtls._tls.MbedTLSConfiguration, got DTLSConfiguration)
There is no similar error in 2.2.0
>>> import mbedtls
...
It would be if other parts, e.g. the really great DTLS support in mbedTLS, were also supported, even if just partially. Any plans to add a wrapper?
The tests for TLSv1 do not pass.
Hi, I'm trying to build python-mbedtls with EC-J_PAKE support for Thread usage. ARM provides a special configuration file which allows to cover those minimal requirements. I tried replacing the default config and resulted in a lot of errors.
At the moment it's OK for me to have incremental support (not minimal) and I think that can be achieved by defining MBEDTLS_USER_CONFIG_FILE
as the config-thread.h
.
So I introduced these changes: edmont@bd4afe2
But when trying to build (python3 setup.py build
) I get this warning:
build-3.7.3/temp.linux-x86_64-3.7/pyrex/mbedtls/tls.c:16957:10: warning: implicit declaration of function ‘mbedtls_ssl_set_hs_ecjpake_password’; did you mean ‘mbedtls_ssl_get_record_expansion’? [-Wimplicit-function-declaration]
What am I missing?
NOTE: Please use stackoverflow for support questions.
This repository's issues are reserved for feature requests and bug reports.
Currently all symmetric block ciphers default to the padding whichever one was set in mbedtls at compilation time. Because it's by default not MBEDTLS_PADDING_NONE
the current setup excludes many usecases for the ciphers.
As I see currently it's using MBEDTLS_PADDING_PKCS7
.
Either default to MBEDTLS_PADDING_NONE
and have the user's implement padding on their own, or expose the mbedtls_cipher_set_padding_mode
to the user.
(NOTE: should be applied to both encryption and decryption context a the same time)
See mbedtls release notes:
Features
- (2.11) Added support for the XTS block cipher mode with AES (AES-XTS). Contributed by Aorimn in pull request #414.
- (2.11) Implemented the HMAC-based extract-and-expand key derivation function (HKDF) per RFC 5869. Contributed by Thomas Fossati.
- (2.11) For TLS servers, added support for offloading private key operations to an external cryptoprocessor. Private key operations can be asynchronous to allow non-blocking operation of the TLS server stack.
- (2.11) Added support for ARIA cipher (RFC 5794) and associated TLS ciphersuites (RFC 6209). ARIA is disabled by default. To enable, see MBEDTLS_ARIA_C in config.h.
- (2.11) Added support for the CCM* block cipher mode as defined in IEEE Std 802.15.4.
- (2.11) Added an additional block mode, OFB (Output Feedback) per NIST SP 800-38a, to the AES module and cipher abstraction module.
Calling pk.get_supported_curves()
raises following error
Traceback (most recent call last):
File "minimal-example.py", line 3, in <module>
print(pk.get_supported_curves())
File "src/mbedtls/pk.pyx", line 116, in mbedtls.pk.get_supported_curves
File "/usr/local/Cellar/[email protected]/3.9.6/Frameworks/Python.framework/Versions/3.9/lib/python3.9/enum.py", line 384, in __call__
return cls.__new__(cls, value)
File "/usr/local/Cellar/[email protected]/3.9.6/Frameworks/Python.framework/Versions/3.9/lib/python3.9/enum.py", line 702, in __new__
raise ve_exc
ValueError: b'x25519' is not a valid Curve
macOS 10.15.7
Python 3.9.6
mbedtls 2.27.0 installed via brew
from mbedtls import pk
print(pk.get_supported_curves())
See libmbedtls 2.12.0 release notes.
NOTE: Please use stackoverflow for support questions.
This repository's issues are reserved for feature requests and bug reports.
I'm trying to set up a client context and inspect the handshake messages without using sockets. # _pep543.TLSWrappedBuffer
When invoking do_handshake()
I get mbedtls.exceptions.TLSError: TLSError([0x7100] 'SSL - Bad input parameters to function')
I expect to get a WantReadError
or a WantWriteError
and be able to obtain the initial handshake bytes
from mbedtls import tls
ctx = tls.ClientContext(tls.TLSConfiguration(validate_certificates=False))
ssl = ctx.wrap_buffers(None)
ssl.do_handshake()
This should produce WantWriteError
Python 3.8.10 (default, Nov 26 2021, 20:14:08)
[GCC 9.3.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> from mbedtls import tls
ls.TLSConfiguration(validate_certificates=False))
ssl = ctx.wrap_buffers(None)
ssl.do_handshake()>>>
>>> ctx = tls.ClientContext(tls.TLSConfiguration(validate_certificates=False))
>>> ssl = ctx.wrap_buffers(None)
>>> ssl.do_handshake()
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "src/mbedtls/tls.pyx", line 1460, in mbedtls.tls.TLSWrappedBuffer.do_handshake
File "src/mbedtls/tls.pyx", line 1281, in mbedtls.tls._BaseContext._do_handshake
File "src/mbedtls/tls.pyx", line 1286, in mbedtls.tls._BaseContext._do_handshake_step
File "src/mbedtls/tls.pyx", line 1305, in mbedtls.tls._BaseContext._handle_handshake_response
File "src/mbedtls/exceptions.pyx", line 54, in mbedtls.exceptions.check_error
File "src/mbedtls/exceptions.pyx", line 57, in mbedtls.exceptions.check_error
mbedtls.exceptions.TLSError: TLSError([0x7100] 'SSL - Bad input parameters to function')
Awesome project, thank you for it!
NOTE: Please use stackoverflow for support questions.
This repository's issues are reserved for feature requests and bug reports.
Not sure if it's a feature request or a bug.
Currently the main function for performing encryption or decryption is done via mbedtls_cipher_crypt
which doesn't update the IV value (or at least the new IV value is not used in subsequent calls to encrypt
and decrypt
functions, this results in using multiple calls for any block cipher like AES-CBC/CFB/OFB... will yield incorrect result.
I'd recommend to modify the pxd/pyx
code to update the fresh IV after each successful encryption/decryption call.
In case you disagree with the information stated in the description I'll produce an example script, just let me know.
NOTE: Please use stackoverflow for support questions.
This repository's issues are reserved for feature requests and bug reports.
Hi, I am currently trying to do some benchmarks with different DTLS setups, and for that I would need to be able to modify the value of the session cache timeout so that I'm not stuck with the default value of 1 day
It is currently impossible to modify the session cache timeout value from this package's bindings to mbedtls
Have the mbedtls_ssl_cache_set_max_entries
, mbedtls_ssl_cache_set_timeout
, and mbedtls_ssl_conf_session_cache
exposed through the Python bindings so that the behavior of mbedtls cache can be modified
NOTE: Please use stackoverflow for support questions.
This repository's issues are reserved for feature requests and bug reports.
Hi, I try to test socket server with multiple clients, using multi threading on the server side, but only can connect one client after accept per time, until that client socket is closed, then it is possible to accept another client, if two clients are running at same time, the second client is doing handshake either to timeout or succeeded when the last client socket is closed.
Thanks
#DTLS server
import os
from _thread import *
import asyncio
import time
import structlog
from contextlib import suppress
from mbedtls import tls
import socket
import functools
from mbedtls.tls import *
import struct
from mbedtls.tls import _enable_debug_output, _set_debug_level
def block(cb, *args, **kwargs):
while True:
try:
result = cb(*args, **kwargs)
except (WantReadError, WantWriteError):
print(" .", cb.__name__)
else:
print(" .", "done", cb.__name__, result)
return result
srv_conf = tls.DTLSConfiguration(
ciphers=(
# PSK Requires the selection PSK ciphers.
"TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256",
"TLS-RSA-PSK-WITH-CHACHA20-POLY1305-SHA256",
"TLS-PSK-WITH-CHACHA20-POLY1305-SHA256",
),
pre_shared_key_store={
"client0": b"a secret",
"client1": b"other secret",
"client42": b"the secret",
"client100": b"yet another one",
},
)
_enable_debug_output(srv_conf)
_set_debug_level(1)
HOST, PORT = "0.0.0.0", 2883
dtls_srv_ctx = tls.ServerContext(srv_conf)
bindsock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
dtls_srv = dtls_srv_ctx.wrap_socket(bindsock)
dtls_srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
dtls_srv.bind((HOST, PORT))
ThreadCount = 0
def threaded_client(connection, address):
while True:
data = block(client.recv, 2048)
block(client.send, data)
if data == b"\0":
break
client.close()
while True:
print(f"> waiting to accept:")
cli0, cli_address0 = dtls_srv.accept()
print(f"> accepted:")
cli0.setcookieparam(cli_address0[0].encode("ascii"))
try:
block(cli0.do_handshake)
except HelloVerifyRequest:
print("HVR")
cli1, cli_address1 = cli0.accept()
cli0.close()
cli1.setcookieparam(cli_address1[0].encode("ascii"))
block(cli1.do_handshake)
print(" .", "handshake", cli1.negotiated_tls_version())
client = cli1
client_address = cli_address1
print('Connected to: ' + client_address[0] + ':' + str(client_address[1]))
start_new_thread(threaded_client, (client, client_address,))
ThreadCount += 1
print('Thread Number: ' + str(ThreadCount))
dtls_srv.close()
#DTLS client
import socket
import struct
import time
from mbedtls import tls
from mbedtls.x509 import CRT
from mbedtls.tls import *
from mbedtls.tls import _enable_debug_output, _set_debug_level
cli_conf = tls.DTLSConfiguration(pre_shared_key=("client42", b"the secret"))
_enable_debug_output(cli_conf)
_set_debug_level(1)
address = ("127.0.0.1", 2883)
host, port = address
ctx = ClientContext(cli_conf)
cli = ctx.wrap_socket(
socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP),
server_hostname="localhost",
)
print(" .", "connect", address)
cli.connect(address)
def block(cb, *args, **kwargs):
while True:
try:
result = cb(*args, **kwargs)
except (WantReadError, WantWriteError):
print(" .", cb.__name__)
else:
print(" .", "done", cb.__name__, result)
return result
block(cli.do_handshake)
print(" .", "handshake", cli.negotiated_tls_version())
msg = b"hello"
for _ in range(5):
nn = block(cli.send, msg)
print(" .", "S", nn, len(msg))
data, addr = block(cli.recvfrom, 4096)
print(" .", "R", nn, data)
time.sleep(2)
else:
block(cli.send, b"\0")
block(cli.recvfrom, 4096)
print(cli)
cli.close()
Hi,
Trying to build it fails:
building 'mbedtls._md' extension
gcc -pthread -Wno-unused-result -Wsign-compare -DNDEBUG -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-g
cc-switches -m64 -mtune=generic -D_GNU_SOURCE -fPIC -fwrapv -fPIC -I/usr/include/python3.6m -c build-3.6.8/temp.linux-x86_64-3.6/src/mbedtls/_md.c -o build-3.6.8/temp.linux-
x86_64-3.6/build-3.6.8/temp.linux-x86_64-3.6/src/mbedtls/_md.o
build-3.6.8/temp.linux-x86_64-3.6/src/mbedtls/_md.c: In function ‘pyx_pf_7mbedtls_3_md_6MDBase_10block_size___get’:
build-3.6.8/temp.linux-x86_64-3.6/src/mbedtls/_md.c:4795:62: error: dereferencing pointer to incomplete type
__pyx_t_1 = __Pyx_PyInt_From_int(__pyx_v_self->_ctx.md_info->block_size); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 100, __pyx_L1_error)
This is with:
When installing on Raspberry Pi 4, fails due to fatal error: mbedtls/bignum.h: No such file or directory
#include "mbedtls/bignum.h"
Fails to install
Should install
pi@raspberrypi:~ $ pip3 install python-mbedtls
Looking in indexes: https://pypi.org/simple, https://www.piwheels.org/simple
Collecting python-mbedtls
Using cached https://files.pythonhosted.org/packages/4e/b7/1e29337f668485c79bec77c95e2d361a5375eac8bfefba5ab8adff1fa5dd/python-mbedtls-1.4.1.tar.gz
Installing build dependencies ... done
Requirement already satisfied: certifi in /usr/lib/python3/dist-packages (from python-mbedtls) (2018.8.24)
Building wheels for collected packages: python-mbedtls
Running setup.py bdist_wheel for python-mbedtls ... error
Complete output from command /usr/bin/python3 -u -c "import setuptools, tokenize;file='/tmp/pip-install-zj03qrrr/python-mbedtls/setup.py';f=getattr(tokenize, 'open', open)(file);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, file, 'exec'))" bdist_wheel -d /tmp/pip-wheel-5psloyj4 --python-tag cp37:
Library not found
loading: None
Traceback (most recent call last):
File "", line 1, in
File "/tmp/pip-install-zj03qrrr/python-mbedtls/setup.py", line 133, in
version=mbedtls_version_info, url=mbedtls_url
File "/tmp/pip-install-zj03qrrr/python-mbedtls/setup.py", line 65, in check_mbedtls_support
mbedtls_version(lib), sep=os.linesep
File "/tmp/pip-install-zj03qrrr/python-mbedtls/setup.py", line 45, in mbedtls_version
lib.mbedtls_version_get_string_full(output_p)
File "/usr/lib/python3.7/ctypes/init.py", line 369, in getattr
func = self.getitem(name)
File "/usr/lib/python3.7/ctypes/init.py", line 374, in getitem
func = self._FuncPtr((name_or_ordinal, self))
AttributeError: /usr/bin/python3: undefined symbol: mbedtls_version_get_string_full
Failed building wheel for python-mbedtls
Running setup.py clean for python-mbedtls
Failed to build python-mbedtls
Installing collected packages: python-mbedtls
Running setup.py install for python-mbedtls ... error
Complete output from command /usr/bin/python3 -u -c "import setuptools, tokenize;file='/tmp/pip-install-zj03qrrr/python-mbedtls/setup.py';f=getattr(tokenize, 'open', open)(file);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, file, 'exec'))" install --record /tmp/pip-record-cx3phpq9/install-record.txt --single-version-externally-managed --compile --user --prefix=:
running install
running build
running build_py
creating build
creating build/3.7.3
creating build/3.7.3/lib.linux-armv7l-3.7
creating build/3.7.3/lib.linux-armv7l-3.7/mbedtls
copying src/mbedtls/hmac.py -> build/3.7.3/lib.linux-armv7l-3.7/mbedtls
copying src/mbedtls/init.py -> build/3.7.3/lib.linux-armv7l-3.7/mbedtls
copying src/mbedtls/secrets.py -> build/3.7.3/lib.linux-armv7l-3.7/mbedtls
copying src/mbedtls/hashlib.py -> build/3.7.3/lib.linux-armv7l-3.7/mbedtls
creating build/3.7.3/lib.linux-armv7l-3.7/mbedtls/cipher
copying src/mbedtls/cipher/DES3dbl.py -> build/3.7.3/lib.linux-armv7l-3.7/mbedtls/cipher
copying src/mbedtls/cipher/ARIA.py -> build/3.7.3/lib.linux-armv7l-3.7/mbedtls/cipher
copying src/mbedtls/cipher/DES3.py -> build/3.7.3/lib.linux-armv7l-3.7/mbedtls/cipher
copying src/mbedtls/cipher/AES.py -> build/3.7.3/lib.linux-armv7l-3.7/mbedtls/cipher
copying src/mbedtls/cipher/Blowfish.py -> build/3.7.3/lib.linux-armv7l-3.7/mbedtls/cipher
copying src/mbedtls/cipher/Camellia.py -> build/3.7.3/lib.linux-armv7l-3.7/mbedtls/cipher
copying src/mbedtls/cipher/CHACHA20.py -> build/3.7.3/lib.linux-armv7l-3.7/mbedtls/cipher
copying src/mbedtls/cipher/ARC4.py -> build/3.7.3/lib.linux-armv7l-3.7/mbedtls/cipher
copying src/mbedtls/cipher/init.py -> build/3.7.3/lib.linux-armv7l-3.7/mbedtls/cipher
copying src/mbedtls/cipher/DES.py -> build/3.7.3/lib.linux-armv7l-3.7/mbedtls/cipher
running build_ext
cythoning src/mbedtls/mpi.pyx to build/3.7.3/temp.linux-armv7l-3.7/pyrex/mbedtls/mpi.c
creating build/3.7.3/temp.linux-armv7l-3.7
creating build/3.7.3/temp.linux-armv7l-3.7/pyrex
creating build/3.7.3/temp.linux-armv7l-3.7/pyrex/mbedtls
cythoning src/mbedtls/_ringbuf.pyx to build/3.7.3/temp.linux-armv7l-3.7/pyrex/mbedtls/_ringbuf.c
cythoning src/mbedtls/exceptions.pyx to build/3.7.3/temp.linux-armv7l-3.7/pyrex/mbedtls/exceptions.c
cythoning src/mbedtls/x509.pyx to build/3.7.3/temp.linux-armv7l-3.7/pyrex/mbedtls/x509.c
cythoning src/mbedtls/version.pyx to build/3.7.3/temp.linux-armv7l-3.7/pyrex/mbedtls/version.c
cythoning src/mbedtls/_platform.pyx to build/3.7.3/temp.linux-armv7l-3.7/pyrex/mbedtls/_platform.c
cythoning src/mbedtls/_random.pyx to build/3.7.3/temp.linux-armv7l-3.7/pyrex/mbedtls/_random.c
cythoning src/mbedtls/tls.pyx to build/3.7.3/temp.linux-armv7l-3.7/pyrex/mbedtls/tls.c
cythoning src/mbedtls/pk.pyx to build/3.7.3/temp.linux-armv7l-3.7/pyrex/mbedtls/pk.c
cythoning src/mbedtls/hkdf.pyx to build/3.7.3/temp.linux-armv7l-3.7/pyrex/mbedtls/hkdf.c
cythoning src/mbedtls/_md.pyx to build/3.7.3/temp.linux-armv7l-3.7/pyrex/mbedtls/_md.c
cythoning src/mbedtls/cipher/_cipher.pyx to build/3.7.3/temp.linux-armv7l-3.7/pyrex/mbedtls/cipher/_cipher.c
creating build/3.7.3/temp.linux-armv7l-3.7/pyrex/mbedtls/cipher
building 'mbedtls.mpi' extension
creating build/3.7.3/temp.linux-armv7l-3.7/build
creating build/3.7.3/temp.linux-armv7l-3.7/build/3.7.3
creating build/3.7.3/temp.linux-armv7l-3.7/build/3.7.3/temp.linux-armv7l-3.7
creating build/3.7.3/temp.linux-armv7l-3.7/build/3.7.3/temp.linux-armv7l-3.7/pyrex
creating build/3.7.3/temp.linux-armv7l-3.7/build/3.7.3/temp.linux-armv7l-3.7/pyrex/mbedtls
arm-linux-gnueabihf-gcc -pthread -DNDEBUG -g -fwrapv -O2 -Wall -g -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -I/usr/include/python3.7m -c build/3.7.3/temp.linux-armv7l-3.7/pyrex/mbedtls/mpi.c -o build/3.7.3/temp.linux-armv7l-3.7/build/3.7.3/temp.linux-armv7l-3.7/pyrex/mbedtls/mpi.o
build/3.7.3/temp.linux-armv7l-3.7/pyrex/mbedtls/mpi.c:608:10: fatal error: mbedtls/bignum.h: No such file or directory
#include "mbedtls/bignum.h"
^~~~~~~~~~~~~~~~~~
compilation terminated.
error: command 'arm-linux-gnueabihf-gcc' failed with exit status 1
----------------------------------------
Command "/usr/bin/python3 -u -c "import setuptools, tokenize;file='/tmp/pip-install-zj03qrrr/python-mbedtls/setup.py';f=getattr(tokenize, 'open', open)(file);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, file, 'exec'))" install --record /tmp/pip-record-cx3phpq9/install-record.txt --single-version-externally-managed --compile --user --prefix=" failed with error code 1 in /tmp/pip-install-zj03qrrr/python-mbedtls/
None
I am submitting a …
The latest version of python-mbedtls 1.4.0 does not seem to install correctly on macOS Catalina 10.15.7. After attempting to install multiple times via pip3 or from source using Apple's version of pip3/python3 or a macports selected version of pip3/python3, the package always is missing the dynamically loaded shared objects in the medbtls python directory. This prevents importing of the mbedtls package. I have a working version of the same package on Ubuntu 18.04 LTS which includes the missing objects but am not sure how to get the package working on macOS.
After installing mbedtls (from MacPorts) either using pip3 to install python-mbedtls or installing from the source package (as in the egg example below), the mbedtls package cannot be imported in a python script as follows:
$ python3
Python 3.6.12 (default, Sep 6 2020, 12:48:16)
[GCC 4.2.1 Compatible Apple LLVM 11.0.3 (clang-1103.0.32.62)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>> import mbedtls
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/opt/local/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/python_mbedtls-1.4.0-py3.6.egg/mbedtls/__init__.py", line 8, in <module>
File "/opt/local/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/python_mbedtls-1.4.0-py3.6.egg/mbedtls/cipher/__init__.py", line 12, in <module>
File "/opt/local/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/python_mbedtls-1.4.0-py3.6.egg/mbedtls/cipher/AES.py", line 11, in <module>
ModuleNotFoundError: No module named 'mbedtls.exceptions'
Here are the contents of the egg referenced above:
$ unzip -l /opt/local/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/python_mbedtls-1.4.0-py3.6.egg
Archive: /opt/local/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/python_mbedtls-1.4.0-py3.6.egg
Length Date Time Name
--------- ---------- ----- ----
24255 11-22-2020 01:53 EGG-INFO/PKG-INFO
1978 11-22-2020 01:53 EGG-INFO/SOURCES.txt
1 11-22-2020 01:53 EGG-INFO/dependency_links.txt
70 11-22-2020 01:53 EGG-INFO/requires.txt
8 11-22-2020 01:53 EGG-INFO/top_level.txt
1 11-22-2020 01:53 EGG-INFO/zip-safe
742 10-17-2020 06:16 mbedtls/__init__.py
1563 10-17-2020 06:16 mbedtls/hashlib.py
1707 10-17-2020 06:16 mbedtls/hmac.py
1252 10-17-2020 06:16 mbedtls/secrets.py
749 11-22-2020 01:53 mbedtls/__pycache__/__init__.cpython-36.pyc
2031 11-22-2020 01:53 mbedtls/__pycache__/hashlib.cpython-36.pyc
2103 11-22-2020 01:53 mbedtls/__pycache__/hmac.cpython-36.pyc
1393 11-22-2020 01:53 mbedtls/__pycache__/secrets.cpython-36.pyc
2155 10-17-2020 06:16 mbedtls/cipher/AES.py
1046 10-17-2020 06:16 mbedtls/cipher/ARC4.py
1763 10-17-2020 06:16 mbedtls/cipher/ARIA.py
1471 10-17-2020 06:16 mbedtls/cipher/Blowfish.py
1637 10-17-2020 06:16 mbedtls/cipher/CHACHA20.py
1552 10-17-2020 06:16 mbedtls/cipher/Camellia.py
1322 10-17-2020 06:16 mbedtls/cipher/DES.py
1409 10-17-2020 06:16 mbedtls/cipher/DES3.py
1400 10-17-2020 06:16 mbedtls/cipher/DES3dbl.py
574 10-17-2020 06:16 mbedtls/cipher/__init__.py
1798 11-22-2020 01:53 mbedtls/cipher/__pycache__/AES.cpython-36.pyc
1112 11-22-2020 01:53 mbedtls/cipher/__pycache__/ARC4.cpython-36.pyc
1753 11-22-2020 01:53 mbedtls/cipher/__pycache__/ARIA.cpython-36.pyc
1441 11-22-2020 01:53 mbedtls/cipher/__pycache__/Blowfish.cpython-36.pyc
1700 11-22-2020 01:53 mbedtls/cipher/__pycache__/CHACHA20.cpython-36.pyc
1505 11-22-2020 01:53 mbedtls/cipher/__pycache__/Camellia.cpython-36.pyc
1361 11-22-2020 01:53 mbedtls/cipher/__pycache__/DES.cpython-36.pyc
1425 11-22-2020 01:53 mbedtls/cipher/__pycache__/DES3.cpython-36.pyc
1419 11-22-2020 01:53 mbedtls/cipher/__pycache__/DES3dbl.cpython-36.pyc
671 11-22-2020 01:53 mbedtls/cipher/__pycache__/__init__.cpython-36.pyc
--------- -------
66367 34 files
The same occurred when trying to install using apple's python3. Here are the contents of the mbedtls directory after installation:
$ ll /Library/Python/3.8/site-packages/mbedtls/
total 32
drwxr-xr-x 7 root wheel 224 22 Nov 08:59 ./
drwxr-xr-x 23 root wheel 736 22 Nov 08:59 ../
-rw-r--r-- 1 root wheel 742 22 Nov 08:59 __init__.py
drwxr-xr-x 12 root wheel 384 22 Nov 08:59 cipher/
-rw-r--r-- 1 root wheel 1563 22 Nov 08:59 hashlib.py
-rw-r--r-- 1 root wheel 1707 22 Nov 08:59 hmac.py
-rw-r--r-- 1 root wheel 1252 22 Nov 08:59 secrets.py
Here are the contents of the build directory when building from source:
$ ll python-mbedtls-1.4.0/build/3.6.12/lib/mbedtls/
total 32
drwxr-xr-x 7 tom staff 224 22 Nov 01:43 ./
drwxr-xr-x 3 tom staff 96 22 Nov 01:43 ../
-rw-r--r-- 1 tom staff 742 17 Oct 06:16 __init__.py
drwxr-xr-x 12 tom staff 384 22 Nov 01:43 cipher/
-rw-r--r-- 1 tom staff 1563 17 Oct 06:16 hashlib.py
-rw-r--r-- 1 tom staff 1707 17 Oct 06:16 hmac.py
-rw-r--r-- 1 tom staff 1252 17 Oct 06:16 secrets.py
It looks like the there are a number of modules that should be loaded dynamically as shared objects but for some reason these are not being built/installed. On Ubuntu 18.04LTS, here is how things look with a working installation:
$ ll /usr/local/lib/python3.6/dist-packages/mbedtls/
total 15656
drwxr-sr-x 4 root staff 4096 Oct 29 16:33 ./
drwxrwsr-x 5 root staff 4096 Oct 29 16:33 ../
drwxr-sr-x 3 root staff 4096 Oct 29 16:33 cipher/
-rwxr-xr-x 1 root staff 322144 Oct 29 16:33 exceptions.cpython-36m-x86_64-linux-gnu.so*
-rw-r--r-- 1 root staff 1563 Oct 29 16:33 hashlib.py
-rwxr-xr-x 1 root staff 1154448 Oct 29 16:33 hkdf.cpython-36m-x86_64-linux-gnu.so*
-rw-r--r-- 1 root staff 1707 Oct 29 16:33 hmac.py
-rw-r--r-- 1 root staff 742 Oct 29 16:33 __init__.py
-rwxr-xr-x 1 root staff 1257320 Oct 29 16:33 _md.cpython-36m-x86_64-linux-gnu.so*
-rwxr-xr-x 1 root staff 1654856 Oct 29 16:33 mpi.cpython-36m-x86_64-linux-gnu.so*
-rwxr-xr-x 1 root staff 2351800 Oct 29 16:33 pk.cpython-36m-x86_64-linux-gnu.so*
-rwxr-xr-x 1 root staff 1006928 Oct 29 16:33 _platform.cpython-36m-x86_64-linux-gnu.so*
drwxr-sr-x 2 root staff 4096 Oct 29 16:33 __pycache__/
-rwxr-xr-x 1 root staff 1175248 Oct 29 16:33 _random.cpython-36m-x86_64-linux-gnu.so*
-rwxr-xr-x 1 root staff 1113456 Oct 29 16:33 _ringbuf.cpython-36m-x86_64-linux-gnu.so*
-rw-r--r-- 1 root staff 1252 Oct 29 16:33 secrets.py
-rwxr-xr-x 1 root staff 3155440 Oct 29 16:32 tls.cpython-36m-x86_64-linux-gnu.so*
-rwxr-xr-x 1 root staff 190800 Oct 29 16:33 version.cpython-36m-x86_64-linux-gnu.so*
-rwxr-xr-x 1 root staff 2598216 Oct 29 16:33 x509.cpython-36m-x86_64-linux-gnu.so*
$ python3
Python 3.6.9 (default, Oct 8 2020, 12:12:24)
[GCC 8.4.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import mbedtls
>>>
$ python3
Python 3.6.12 (default, Sep 6 2020, 12:48:16)
[GCC 4.2.1 Compatible Apple LLVM 11.0.3 (clang-1103.0.32.62)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>> import mbedtls
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/opt/local/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/python_mbedtls-1.4.0-py3.6.egg/mbedtls/__init__.py", line 8, in <module>
File "/opt/local/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/python_mbedtls-1.4.0-py3.6.egg/mbedtls/cipher/__init__.py", line 12, in <module>
File "/opt/local/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/python_mbedtls-1.4.0-py3.6.egg/mbedtls/cipher/AES.py", line 11, in <module>
ModuleNotFoundError: No module named 'mbedtls.exceptions'
macOS Catalina v10.15.7
pip 20.2.4
Python 3.6.12
mbedtls @2.24.0
NOTE: Please use stackoverflow for support questions.
This repository's issues are reserved for feature requests and bug reports.
I need to obtain the server's certificate after a successful handshake. In PEP there is a function documented getpeercert
but I see in the code this is not implemented (commented out).
Would it be possible to obtain the server's certificate in some other way? If not, I'd like to ask you to add this feature.
getpeercert
is not implemented
getpeercert
to be implemented
N/A
N/A
I don't need it in parsed form, binary DER is more than enough.
Installation of this module fails in windows environment with python 3.7.2
When installing the module using "pip install python-mbedtls==1.3.1" in win env, i am getting below error
"WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'ProxyError('Cannot connect to proxy.', NewConnectionError('<pip._vendor.urllib3.connection.VerifiedHTTPSConnection object at 0x03DCF770>: Failed to establish a new connection: [Errno 11001] getaddrinfo failed'))': /simple/python-mbedtls/
WARNING: Retrying (Retry(total=3, connect=None, read=None, redirect=None, status=None)) "
ERROR: Could not find a version that satisfies the requirement python-mbedtls==1.3.1 (from versions: none)
ERROR: No matching distribution found for python-mbedtls==1.3.1
I think, when i see the installation" section, i came to know that this library supports for linux and macos.
It would be really helpful - if the support is available for win environment,since I could not find a library that supports "PSK" cipher suites PSK-AES128-GCM-SHA256 and PSK-NULL-SHA256 for both TLS and DTLS communication.
I see that this library supports for both TLS and DTLS communication for both the ciphers that is mentioned above.
Getting an error when trying to install python-mbedtls module using pip command.
ERROR: Could not find a version that satisfies the requirement python-mbedtls==1.3.1 (from versions: none)
ERROR: No matching distribution found for python-mbedtls==1.3.1
Expecting : This library shall be able to install in windows env.
how to build the package or generate the wheel package in case of win env would be really helpful .
1.use "pip install python-mbedtls==1.3.1" in python terminal in windows os.
Failed to establish a new connection: [Errno 11001] getaddrinfo failed'))': /simple/python-mbedtls/
WARNING: Retrying (Retry(total=3, connect=None, read=None, redirect=None, status=None)) "
Detailed log is attached for further investigation.
[log_mbedtls.txt]
Windows 10 64-bit OS
Python 3.7.2
pip 20.1.1
I want to clarify this doubt,however i have only option to bring this notice as an issue.
Hi.
Very need threaded server example for DTLS.
Thanks.
NOTE: Please use stackoverflow for support questions.
This repository's issues are reserved for feature requests and bug reports.
>>> import mbedtls
...
NOTE: Please use stackoverflow for support questions.
This repository's issues are reserved for feature requests and bug reports.
I am trying to use DTLS for a high-latency connection (30s+), which doesn't work because the client keeps retrying the handshake with way to short delays for my application (the default is 1-60s).
handshake timeout is not configurable (parameter commented out here: https://github.com/Synss/python-mbedtls/blob/master/src/mbedtls/tls.pyx#L777)
handshake timeout is configurable (somehow, preferably in DTLSConfiguration)
Binding: mbedtls_ssl_conf_handshake_timeout
Project at https://build.opensuse.org/package/show/home:jayvdb:strictyaml/python-python-mbedtls
It builds both python 2 & then 3.
Python 3 passes the tests, but there are a lot of failures for Python 2.
The logs are there. Let me know if you want me to copy them over.
While I was following the library code flow,
I noticed that it was impossible to find definitions of some functions
such as "mbedtls_pk_check_pair" (used in https://github.com/Synss/python-mbedtls/blob/master/src/mbedtls/pk.pyx,
and declared in https://github.com/Synss/python-mbedtls/blob/master/src/mbedtls/pk.pxd).
Please, would you help me to find all source code?
python-mbedtls fails some of its test suite if mbedtls isn't built with ARIA support.
[...]
____________________________________________ TestCipher.test_encrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=16, mode=Mode.CTR, iv_size=16] ____________________________________________
self = <test_cipher.TestCipher object at 0x7f5ceae98850>, params = (<module 'mbedtls.cipher.ARIA' from '/home/sjames/git/python-mbedtls/src/mbedtls/cipher/ARIA.py'>, 16, <Mode.CTR: 5>, 16)
randbytes = <function randbytes.<locals>.function at 0x7f5cea30e020>
def test_encrypt_nothing_raises(
self,
params: Tuple[CipherType, int, Mode, int],
randbytes: Callable[[int], bytes],
) -> None:
module, key_size, mode, iv_size = params
> cipher = module.new(randbytes(key_size), mode, randbytes(iv_size))
tests/test_cipher.py:255:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
src/mbedtls/cipher/ARIA.py:69: in new
return Cipher(name, key, mode_, iv)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
> raise NotImplementedError("unsupported cipher: %r" % cipher_name)
E NotImplementedError: unsupported cipher: b'ARIA-128-CTR'
src/mbedtls/cipher/_cipher.pyx:78: NotImplementedError
____________________________________________ TestCipher.test_encrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=24, mode=Mode.CTR, iv_size=16] ____________________________________________
self = <test_cipher.TestCipher object at 0x7f5ceae98b90>, params = (<module 'mbedtls.cipher.ARIA' from '/home/sjames/git/python-mbedtls/src/mbedtls/cipher/ARIA.py'>, 24, <Mode.CTR: 5>, 16)
randbytes = <function randbytes.<locals>.function at 0x7f5cea30ec00>
def test_encrypt_nothing_raises(
self,
params: Tuple[CipherType, int, Mode, int],
randbytes: Callable[[int], bytes],
) -> None:
module, key_size, mode, iv_size = params
> cipher = module.new(randbytes(key_size), mode, randbytes(iv_size))
tests/test_cipher.py:255:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
src/mbedtls/cipher/ARIA.py:69: in new
return Cipher(name, key, mode_, iv)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
> raise NotImplementedError("unsupported cipher: %r" % cipher_name)
E NotImplementedError: unsupported cipher: b'ARIA-192-CTR'
src/mbedtls/cipher/_cipher.pyx:78: NotImplementedError
____________________________________________ TestCipher.test_encrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=32, mode=Mode.CTR, iv_size=16] ____________________________________________
self = <test_cipher.TestCipher object at 0x7f5ceae98ed0>, params = (<module 'mbedtls.cipher.ARIA' from '/home/sjames/git/python-mbedtls/src/mbedtls/cipher/ARIA.py'>, 32, <Mode.CTR: 5>, 16)
randbytes = <function randbytes.<locals>.function at 0x7f5cea30e020>
def test_encrypt_nothing_raises(
self,
params: Tuple[CipherType, int, Mode, int],
randbytes: Callable[[int], bytes],
) -> None:
module, key_size, mode, iv_size = params
> cipher = module.new(randbytes(key_size), mode, randbytes(iv_size))
tests/test_cipher.py:255:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
src/mbedtls/cipher/ARIA.py:69: in new
return Cipher(name, key, mode_, iv)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
> raise NotImplementedError("unsupported cipher: %r" % cipher_name)
E NotImplementedError: unsupported cipher: b'ARIA-256-CTR'
src/mbedtls/cipher/_cipher.pyx:78: NotImplementedError
____________________________________________ TestCipher.test_encrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=16, mode=Mode.GCM, iv_size=12] ____________________________________________
self = <test_cipher.TestCipher object at 0x7f5ceae99210>, params = (<module 'mbedtls.cipher.ARIA' from '/home/sjames/git/python-mbedtls/src/mbedtls/cipher/ARIA.py'>, 16, <Mode.GCM: 6>, 12)
randbytes = <function randbytes.<locals>.function at 0x7f5cea3a2ac0>
def test_encrypt_nothing_raises(
self,
params: Tuple[CipherType, int, Mode, int],
randbytes: Callable[[int], bytes],
) -> None:
module, key_size, mode, iv_size = params
> cipher = module.new(randbytes(key_size), mode, randbytes(iv_size))
tests/test_cipher.py:255:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
src/mbedtls/cipher/ARIA.py:69: in new
return Cipher(name, key, mode_, iv)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
> raise NotImplementedError("unsupported cipher: %r" % cipher_name)
E NotImplementedError: unsupported cipher: b'ARIA-128-GCM'
src/mbedtls/cipher/_cipher.pyx:78: NotImplementedError
____________________________________________ TestCipher.test_encrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=24, mode=Mode.GCM, iv_size=12] ____________________________________________
self = <test_cipher.TestCipher object at 0x7f5ceae99550>, params = (<module 'mbedtls.cipher.ARIA' from '/home/sjames/git/python-mbedtls/src/mbedtls/cipher/ARIA.py'>, 24, <Mode.GCM: 6>, 12)
randbytes = <function randbytes.<locals>.function at 0x7f5cea3a1ee0>
def test_encrypt_nothing_raises(
self,
params: Tuple[CipherType, int, Mode, int],
randbytes: Callable[[int], bytes],
) -> None:
module, key_size, mode, iv_size = params
> cipher = module.new(randbytes(key_size), mode, randbytes(iv_size))
tests/test_cipher.py:255:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
src/mbedtls/cipher/ARIA.py:69: in new
return Cipher(name, key, mode_, iv)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
> raise NotImplementedError("unsupported cipher: %r" % cipher_name)
E NotImplementedError: unsupported cipher: b'ARIA-192-GCM'
src/mbedtls/cipher/_cipher.pyx:78: NotImplementedError
____________________________________________ TestCipher.test_encrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=32, mode=Mode.GCM, iv_size=12] ____________________________________________
self = <test_cipher.TestCipher object at 0x7f5ceae99890>, params = (<module 'mbedtls.cipher.ARIA' from '/home/sjames/git/python-mbedtls/src/mbedtls/cipher/ARIA.py'>, 32, <Mode.GCM: 6>, 12)
randbytes = <function randbytes.<locals>.function at 0x7f5cea3a2ac0>
def test_encrypt_nothing_raises(
self,
params: Tuple[CipherType, int, Mode, int],
randbytes: Callable[[int], bytes],
) -> None:
module, key_size, mode, iv_size = params
> cipher = module.new(randbytes(key_size), mode, randbytes(iv_size))
tests/test_cipher.py:255:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
src/mbedtls/cipher/ARIA.py:69: in new
return Cipher(name, key, mode_, iv)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
> raise NotImplementedError("unsupported cipher: %r" % cipher_name)
E NotImplementedError: unsupported cipher: b'ARIA-256-GCM'
src/mbedtls/cipher/_cipher.pyx:78: NotImplementedError
____________________________________________ TestCipher.test_decrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=16, mode=Mode.ECB, iv_size=0] _____________________________________________
self = <test_cipher.TestCipher object at 0x7f5ceae0c3d0>, params = (<module 'mbedtls.cipher.ARIA' from '/home/sjames/git/python-mbedtls/src/mbedtls/cipher/ARIA.py'>, 16, <Mode.ECB: 1>, 0)
randbytes = <function randbytes.<locals>.function at 0x7f5cea361760>
def test_decrypt_nothing_raises(
self,
params: Tuple[CipherType, int, Mode, int],
randbytes: Callable[[int], bytes],
) -> None:
module, key_size, mode, iv_size = params
> cipher = module.new(randbytes(key_size), mode, randbytes(iv_size))
tests/test_cipher.py:265:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
src/mbedtls/cipher/ARIA.py:69: in new
return Cipher(name, key, mode_, iv)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
> raise NotImplementedError("unsupported cipher: %r" % cipher_name)
E NotImplementedError: unsupported cipher: b'ARIA-128-ECB'
src/mbedtls/cipher/_cipher.pyx:78: NotImplementedError
____________________________________________ TestCipher.test_decrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=24, mode=Mode.ECB, iv_size=0] _____________________________________________
self = <test_cipher.TestCipher object at 0x7f5ceae0c710>, params = (<module 'mbedtls.cipher.ARIA' from '/home/sjames/git/python-mbedtls/src/mbedtls/cipher/ARIA.py'>, 24, <Mode.ECB: 1>, 0)
randbytes = <function randbytes.<locals>.function at 0x7f5cea361940>
def test_decrypt_nothing_raises(
self,
params: Tuple[CipherType, int, Mode, int],
randbytes: Callable[[int], bytes],
) -> None:
module, key_size, mode, iv_size = params
> cipher = module.new(randbytes(key_size), mode, randbytes(iv_size))
tests/test_cipher.py:265:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
src/mbedtls/cipher/ARIA.py:69: in new
return Cipher(name, key, mode_, iv)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
> raise NotImplementedError("unsupported cipher: %r" % cipher_name)
E NotImplementedError: unsupported cipher: b'ARIA-192-ECB'
src/mbedtls/cipher/_cipher.pyx:78: NotImplementedError
____________________________________________ TestCipher.test_decrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=32, mode=Mode.ECB, iv_size=0] _____________________________________________
self = <test_cipher.TestCipher object at 0x7f5ceae0ca50>, params = (<module 'mbedtls.cipher.ARIA' from '/home/sjames/git/python-mbedtls/src/mbedtls/cipher/ARIA.py'>, 32, <Mode.ECB: 1>, 0)
randbytes = <function randbytes.<locals>.function at 0x7f5cea361b20>
def test_decrypt_nothing_raises(
self,
params: Tuple[CipherType, int, Mode, int],
randbytes: Callable[[int], bytes],
) -> None:
module, key_size, mode, iv_size = params
> cipher = module.new(randbytes(key_size), mode, randbytes(iv_size))
tests/test_cipher.py:265:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
src/mbedtls/cipher/ARIA.py:69: in new
return Cipher(name, key, mode_, iv)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
> raise NotImplementedError("unsupported cipher: %r" % cipher_name)
E NotImplementedError: unsupported cipher: b'ARIA-256-ECB'
src/mbedtls/cipher/_cipher.pyx:78: NotImplementedError
____________________________________________ TestCipher.test_decrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=16, mode=Mode.CBC, iv_size=16] ____________________________________________
self = <test_cipher.TestCipher object at 0x7f5ceae0cd90>, params = (<module 'mbedtls.cipher.ARIA' from '/home/sjames/git/python-mbedtls/src/mbedtls/cipher/ARIA.py'>, 16, <Mode.CBC: 2>, 16)
randbytes = <function randbytes.<locals>.function at 0x7f5cea361e40>
def test_decrypt_nothing_raises(
self,
params: Tuple[CipherType, int, Mode, int],
randbytes: Callable[[int], bytes],
) -> None:
module, key_size, mode, iv_size = params
> cipher = module.new(randbytes(key_size), mode, randbytes(iv_size))
tests/test_cipher.py:265:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
src/mbedtls/cipher/ARIA.py:69: in new
return Cipher(name, key, mode_, iv)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
> raise NotImplementedError("unsupported cipher: %r" % cipher_name)
E NotImplementedError: unsupported cipher: b'ARIA-128-CBC'
src/mbedtls/cipher/_cipher.pyx:78: NotImplementedError
____________________________________________ TestCipher.test_decrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=24, mode=Mode.CBC, iv_size=16] ____________________________________________
self = <test_cipher.TestCipher object at 0x7f5ceae0d0d0>, params = (<module 'mbedtls.cipher.ARIA' from '/home/sjames/git/python-mbedtls/src/mbedtls/cipher/ARIA.py'>, 24, <Mode.CBC: 2>, 16)
randbytes = <function randbytes.<locals>.function at 0x7f5cea361b20>
def test_decrypt_nothing_raises(
self,
params: Tuple[CipherType, int, Mode, int],
randbytes: Callable[[int], bytes],
) -> None:
module, key_size, mode, iv_size = params
> cipher = module.new(randbytes(key_size), mode, randbytes(iv_size))
tests/test_cipher.py:265:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
src/mbedtls/cipher/ARIA.py:69: in new
return Cipher(name, key, mode_, iv)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
> raise NotImplementedError("unsupported cipher: %r" % cipher_name)
E NotImplementedError: unsupported cipher: b'ARIA-192-CBC'
src/mbedtls/cipher/_cipher.pyx:78: NotImplementedError
____________________________________________ TestCipher.test_decrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=32, mode=Mode.CBC, iv_size=16] ____________________________________________
self = <test_cipher.TestCipher object at 0x7f5ceae0d410>, params = (<module 'mbedtls.cipher.ARIA' from '/home/sjames/git/python-mbedtls/src/mbedtls/cipher/ARIA.py'>, 32, <Mode.CBC: 2>, 16)
randbytes = <function randbytes.<locals>.function at 0x7f5cea3622a0>
def test_decrypt_nothing_raises(
self,
params: Tuple[CipherType, int, Mode, int],
randbytes: Callable[[int], bytes],
) -> None:
module, key_size, mode, iv_size = params
> cipher = module.new(randbytes(key_size), mode, randbytes(iv_size))
tests/test_cipher.py:265:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
src/mbedtls/cipher/ARIA.py:69: in new
return Cipher(name, key, mode_, iv)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
> raise NotImplementedError("unsupported cipher: %r" % cipher_name)
E NotImplementedError: unsupported cipher: b'ARIA-256-CBC'
src/mbedtls/cipher/_cipher.pyx:78: NotImplementedError
____________________________________________ TestCipher.test_decrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=16, mode=Mode.CTR, iv_size=16] ____________________________________________
self = <test_cipher.TestCipher object at 0x7f5ceae0d750>, params = (<module 'mbedtls.cipher.ARIA' from '/home/sjames/git/python-mbedtls/src/mbedtls/cipher/ARIA.py'>, 16, <Mode.CTR: 5>, 16)
randbytes = <function randbytes.<locals>.function at 0x7f5cea361b20>
def test_decrypt_nothing_raises(
self,
params: Tuple[CipherType, int, Mode, int],
randbytes: Callable[[int], bytes],
) -> None:
module, key_size, mode, iv_size = params
> cipher = module.new(randbytes(key_size), mode, randbytes(iv_size))
tests/test_cipher.py:265:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
src/mbedtls/cipher/ARIA.py:69: in new
return Cipher(name, key, mode_, iv)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
> raise NotImplementedError("unsupported cipher: %r" % cipher_name)
E NotImplementedError: unsupported cipher: b'ARIA-128-CTR'
src/mbedtls/cipher/_cipher.pyx:78: NotImplementedError
____________________________________________ TestCipher.test_decrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=24, mode=Mode.CTR, iv_size=16] ____________________________________________
self = <test_cipher.TestCipher object at 0x7f5ceae0da90>, params = (<module 'mbedtls.cipher.ARIA' from '/home/sjames/git/python-mbedtls/src/mbedtls/cipher/ARIA.py'>, 24, <Mode.CTR: 5>, 16)
randbytes = <function randbytes.<locals>.function at 0x7f5cea362700>
def test_decrypt_nothing_raises(
self,
params: Tuple[CipherType, int, Mode, int],
randbytes: Callable[[int], bytes],
) -> None:
module, key_size, mode, iv_size = params
> cipher = module.new(randbytes(key_size), mode, randbytes(iv_size))
tests/test_cipher.py:265:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
src/mbedtls/cipher/ARIA.py:69: in new
return Cipher(name, key, mode_, iv)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
> raise NotImplementedError("unsupported cipher: %r" % cipher_name)
E NotImplementedError: unsupported cipher: b'ARIA-192-CTR'
src/mbedtls/cipher/_cipher.pyx:78: NotImplementedError
____________________________________________ TestCipher.test_decrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=32, mode=Mode.CTR, iv_size=16] ____________________________________________
self = <test_cipher.TestCipher object at 0x7f5ceae0ddd0>, params = (<module 'mbedtls.cipher.ARIA' from '/home/sjames/git/python-mbedtls/src/mbedtls/cipher/ARIA.py'>, 32, <Mode.CTR: 5>, 16)
randbytes = <function randbytes.<locals>.function at 0x7f5cea361b20>
def test_decrypt_nothing_raises(
self,
params: Tuple[CipherType, int, Mode, int],
randbytes: Callable[[int], bytes],
) -> None:
module, key_size, mode, iv_size = params
> cipher = module.new(randbytes(key_size), mode, randbytes(iv_size))
tests/test_cipher.py:265:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
src/mbedtls/cipher/ARIA.py:69: in new
return Cipher(name, key, mode_, iv)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
> raise NotImplementedError("unsupported cipher: %r" % cipher_name)
E NotImplementedError: unsupported cipher: b'ARIA-256-CTR'
src/mbedtls/cipher/_cipher.pyx:78: NotImplementedError
____________________________________________ TestCipher.test_decrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=16, mode=Mode.GCM, iv_size=12] ____________________________________________
self = <test_cipher.TestCipher object at 0x7f5ceae0e110>, params = (<module 'mbedtls.cipher.ARIA' from '/home/sjames/git/python-mbedtls/src/mbedtls/cipher/ARIA.py'>, 16, <Mode.GCM: 6>, 12)
randbytes = <function randbytes.<locals>.function at 0x7f5cea362b60>
def test_decrypt_nothing_raises(
self,
params: Tuple[CipherType, int, Mode, int],
randbytes: Callable[[int], bytes],
) -> None:
module, key_size, mode, iv_size = params
> cipher = module.new(randbytes(key_size), mode, randbytes(iv_size))
tests/test_cipher.py:265:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
src/mbedtls/cipher/ARIA.py:69: in new
return Cipher(name, key, mode_, iv)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
> raise NotImplementedError("unsupported cipher: %r" % cipher_name)
E NotImplementedError: unsupported cipher: b'ARIA-128-GCM'
src/mbedtls/cipher/_cipher.pyx:78: NotImplementedError
____________________________________________ TestCipher.test_decrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=24, mode=Mode.GCM, iv_size=12] ____________________________________________
self = <test_cipher.TestCipher object at 0x7f5ceae0e450>, params = (<module 'mbedtls.cipher.ARIA' from '/home/sjames/git/python-mbedtls/src/mbedtls/cipher/ARIA.py'>, 24, <Mode.GCM: 6>, 12)
randbytes = <function randbytes.<locals>.function at 0x7f5cea361b20>
def test_decrypt_nothing_raises(
self,
params: Tuple[CipherType, int, Mode, int],
randbytes: Callable[[int], bytes],
) -> None:
module, key_size, mode, iv_size = params
> cipher = module.new(randbytes(key_size), mode, randbytes(iv_size))
tests/test_cipher.py:265:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
src/mbedtls/cipher/ARIA.py:69: in new
return Cipher(name, key, mode_, iv)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
> raise NotImplementedError("unsupported cipher: %r" % cipher_name)
E NotImplementedError: unsupported cipher: b'ARIA-192-GCM'
src/mbedtls/cipher/_cipher.pyx:78: NotImplementedError
____________________________________________ TestCipher.test_decrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=32, mode=Mode.GCM, iv_size=12] ____________________________________________
self = <test_cipher.TestCipher object at 0x7f5ceae0e790>, params = (<module 'mbedtls.cipher.ARIA' from '/home/sjames/git/python-mbedtls/src/mbedtls/cipher/ARIA.py'>, 32, <Mode.GCM: 6>, 12)
randbytes = <function randbytes.<locals>.function at 0x7f5cea362fc0>
def test_decrypt_nothing_raises(
self,
params: Tuple[CipherType, int, Mode, int],
randbytes: Callable[[int], bytes],
) -> None:
module, key_size, mode, iv_size = params
> cipher = module.new(randbytes(key_size), mode, randbytes(iv_size))
tests/test_cipher.py:265:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
src/mbedtls/cipher/ARIA.py:69: in new
return Cipher(name, key, mode_, iv)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
> raise NotImplementedError("unsupported cipher: %r" % cipher_name)
E NotImplementedError: unsupported cipher: b'ARIA-256-GCM'
src/mbedtls/cipher/_cipher.pyx:78: NotImplementedError
_____________________________________________________________ TestGenericCipher.test_cbc_requires_padding[mbedtls.cipher.ARIA] ______________________________________________________________
self = <test_cipher.TestGenericCipher object at 0x7f5cead43c50>, module = <module 'mbedtls.cipher.ARIA' from '/home/sjames/git/python-mbedtls/src/mbedtls/cipher/ARIA.py'>
randbytes = <function randbytes.<locals>.function at 0x7f5cea4a79c0>
def test_cbc_requires_padding(
self, module: CipherType, randbytes: Callable[[int], bytes]
) -> None:
mode = Mode.CBC
if mode not in SUPPORTED_MODES[module]:
return pytest.skip( # type: ignore[return-value]
f"unsupported mode for {module!r}: {mode!s}"
)
sizes = SUPPORTED_SIZES[module][mode]
for key_size in sizes.key_size:
> cipher = module.new(
randbytes(key_size), mode, iv=randbytes(sizes.iv_size)
)
tests/test_cipher.py:445:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
src/mbedtls/cipher/ARIA.py:69: in new
return Cipher(name, key, mode_, iv)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
> raise NotImplementedError("unsupported cipher: %r" % cipher_name)
E NotImplementedError: unsupported cipher: b'ARIA-128-CBC'
src/mbedtls/cipher/_cipher.pyx:78: NotImplementedError
================================================================================== short test summary info ==================================================================================
FAILED tests/test_cipher.py::TestCipher::test_pickle[mbedtls.cipher.ARIA, key_size=16, mode=Mode.ECB, iv_size=0] - NotImplementedError: unsupported cipher: b'ARIA-128-ECB'
FAILED tests/test_cipher.py::TestCipher::test_pickle[mbedtls.cipher.ARIA, key_size=24, mode=Mode.ECB, iv_size=0] - NotImplementedError: unsupported cipher: b'ARIA-192-ECB'
FAILED tests/test_cipher.py::TestCipher::test_pickle[mbedtls.cipher.ARIA, key_size=32, mode=Mode.ECB, iv_size=0] - NotImplementedError: unsupported cipher: b'ARIA-256-ECB'
FAILED tests/test_cipher.py::TestCipher::test_pickle[mbedtls.cipher.ARIA, key_size=16, mode=Mode.CBC, iv_size=16] - NotImplementedError: unsupported cipher: b'ARIA-128-CBC'
FAILED tests/test_cipher.py::TestCipher::test_pickle[mbedtls.cipher.ARIA, key_size=24, mode=Mode.CBC, iv_size=16] - NotImplementedError: unsupported cipher: b'ARIA-192-CBC'
FAILED tests/test_cipher.py::TestCipher::test_pickle[mbedtls.cipher.ARIA, key_size=32, mode=Mode.CBC, iv_size=16] - NotImplementedError: unsupported cipher: b'ARIA-256-CBC'
FAILED tests/test_cipher.py::TestCipher::test_pickle[mbedtls.cipher.ARIA, key_size=16, mode=Mode.CTR, iv_size=16] - NotImplementedError: unsupported cipher: b'ARIA-128-CTR'
FAILED tests/test_cipher.py::TestCipher::test_pickle[mbedtls.cipher.ARIA, key_size=24, mode=Mode.CTR, iv_size=16] - NotImplementedError: unsupported cipher: b'ARIA-192-CTR'
FAILED tests/test_cipher.py::TestCipher::test_pickle[mbedtls.cipher.ARIA, key_size=32, mode=Mode.CTR, iv_size=16] - NotImplementedError: unsupported cipher: b'ARIA-256-CTR'
FAILED tests/test_cipher.py::TestCipher::test_pickle[mbedtls.cipher.ARIA, key_size=16, mode=Mode.GCM, iv_size=12] - NotImplementedError: unsupported cipher: b'ARIA-128-GCM'
FAILED tests/test_cipher.py::TestCipher::test_pickle[mbedtls.cipher.ARIA, key_size=24, mode=Mode.GCM, iv_size=12] - NotImplementedError: unsupported cipher: b'ARIA-192-GCM'
FAILED tests/test_cipher.py::TestCipher::test_pickle[mbedtls.cipher.ARIA, key_size=32, mode=Mode.GCM, iv_size=12] - NotImplementedError: unsupported cipher: b'ARIA-256-GCM'
FAILED tests/test_cipher.py::TestCipher::test_accessors[mbedtls.cipher.ARIA, key_size=16, mode=Mode.ECB, iv_size=0] - NotImplementedError: unsupported cipher: b'ARIA-128-ECB'
FAILED tests/test_cipher.py::TestCipher::test_accessors[mbedtls.cipher.ARIA, key_size=24, mode=Mode.ECB, iv_size=0] - NotImplementedError: unsupported cipher: b'ARIA-192-ECB'
FAILED tests/test_cipher.py::TestCipher::test_accessors[mbedtls.cipher.ARIA, key_size=32, mode=Mode.ECB, iv_size=0] - NotImplementedError: unsupported cipher: b'ARIA-256-ECB'
FAILED tests/test_cipher.py::TestCipher::test_accessors[mbedtls.cipher.ARIA, key_size=16, mode=Mode.CBC, iv_size=16] - NotImplementedError: unsupported cipher: b'ARIA-128-CBC'
FAILED tests/test_cipher.py::TestCipher::test_accessors[mbedtls.cipher.ARIA, key_size=24, mode=Mode.CBC, iv_size=16] - NotImplementedError: unsupported cipher: b'ARIA-192-CBC'
FAILED tests/test_cipher.py::TestCipher::test_accessors[mbedtls.cipher.ARIA, key_size=32, mode=Mode.CBC, iv_size=16] - NotImplementedError: unsupported cipher: b'ARIA-256-CBC'
FAILED tests/test_cipher.py::TestCipher::test_accessors[mbedtls.cipher.ARIA, key_size=16, mode=Mode.CTR, iv_size=16] - NotImplementedError: unsupported cipher: b'ARIA-128-CTR'
FAILED tests/test_cipher.py::TestCipher::test_accessors[mbedtls.cipher.ARIA, key_size=24, mode=Mode.CTR, iv_size=16] - NotImplementedError: unsupported cipher: b'ARIA-192-CTR'
FAILED tests/test_cipher.py::TestCipher::test_accessors[mbedtls.cipher.ARIA, key_size=32, mode=Mode.CTR, iv_size=16] - NotImplementedError: unsupported cipher: b'ARIA-256-CTR'
FAILED tests/test_cipher.py::TestCipher::test_accessors[mbedtls.cipher.ARIA, key_size=16, mode=Mode.GCM, iv_size=12] - NotImplementedError: unsupported cipher: b'ARIA-128-GCM'
FAILED tests/test_cipher.py::TestCipher::test_accessors[mbedtls.cipher.ARIA, key_size=24, mode=Mode.GCM, iv_size=12] - NotImplementedError: unsupported cipher: b'ARIA-192-GCM'
FAILED tests/test_cipher.py::TestCipher::test_accessors[mbedtls.cipher.ARIA, key_size=32, mode=Mode.GCM, iv_size=12] - NotImplementedError: unsupported cipher: b'ARIA-256-GCM'
FAILED tests/test_cipher.py::TestCipher::test_cipher_name[mbedtls.cipher.ARIA, key_size=16, mode=Mode.ECB, iv_size=0] - NotImplementedError: unsupported cipher: b'ARIA-128-ECB'
FAILED tests/test_cipher.py::TestCipher::test_cipher_name[mbedtls.cipher.ARIA, key_size=24, mode=Mode.ECB, iv_size=0] - NotImplementedError: unsupported cipher: b'ARIA-192-ECB'
FAILED tests/test_cipher.py::TestCipher::test_cipher_name[mbedtls.cipher.ARIA, key_size=32, mode=Mode.ECB, iv_size=0] - NotImplementedError: unsupported cipher: b'ARIA-256-ECB'
FAILED tests/test_cipher.py::TestCipher::test_cipher_name[mbedtls.cipher.ARIA, key_size=16, mode=Mode.CBC, iv_size=16] - NotImplementedError: unsupported cipher: b'ARIA-128-CBC'
FAILED tests/test_cipher.py::TestCipher::test_cipher_name[mbedtls.cipher.ARIA, key_size=24, mode=Mode.CBC, iv_size=16] - NotImplementedError: unsupported cipher: b'ARIA-192-CBC'
FAILED tests/test_cipher.py::TestCipher::test_cipher_name[mbedtls.cipher.ARIA, key_size=32, mode=Mode.CBC, iv_size=16] - NotImplementedError: unsupported cipher: b'ARIA-256-CBC'
FAILED tests/test_cipher.py::TestCipher::test_cipher_name[mbedtls.cipher.ARIA, key_size=16, mode=Mode.CTR, iv_size=16] - NotImplementedError: unsupported cipher: b'ARIA-128-CTR'
FAILED tests/test_cipher.py::TestCipher::test_cipher_name[mbedtls.cipher.ARIA, key_size=24, mode=Mode.CTR, iv_size=16] - NotImplementedError: unsupported cipher: b'ARIA-192-CTR'
FAILED tests/test_cipher.py::TestCipher::test_cipher_name[mbedtls.cipher.ARIA, key_size=32, mode=Mode.CTR, iv_size=16] - NotImplementedError: unsupported cipher: b'ARIA-256-CTR'
FAILED tests/test_cipher.py::TestCipher::test_cipher_name[mbedtls.cipher.ARIA, key_size=16, mode=Mode.GCM, iv_size=12] - NotImplementedError: unsupported cipher: b'ARIA-128-GCM'
FAILED tests/test_cipher.py::TestCipher::test_cipher_name[mbedtls.cipher.ARIA, key_size=24, mode=Mode.GCM, iv_size=12] - NotImplementedError: unsupported cipher: b'ARIA-192-GCM'
FAILED tests/test_cipher.py::TestCipher::test_cipher_name[mbedtls.cipher.ARIA, key_size=32, mode=Mode.GCM, iv_size=12] - NotImplementedError: unsupported cipher: b'ARIA-256-GCM'
FAILED tests/test_cipher.py::TestCipher::test_encrypt_decrypt[mbedtls.cipher.ARIA, key_size=16, mode=Mode.ECB, iv_size=0] - NotImplementedError: unsupported cipher: b'ARIA-128-ECB'
FAILED tests/test_cipher.py::TestCipher::test_encrypt_decrypt[mbedtls.cipher.ARIA, key_size=24, mode=Mode.ECB, iv_size=0] - NotImplementedError: unsupported cipher: b'ARIA-192-ECB'
FAILED tests/test_cipher.py::TestCipher::test_encrypt_decrypt[mbedtls.cipher.ARIA, key_size=32, mode=Mode.ECB, iv_size=0] - NotImplementedError: unsupported cipher: b'ARIA-256-ECB'
FAILED tests/test_cipher.py::TestCipher::test_encrypt_decrypt[mbedtls.cipher.ARIA, key_size=16, mode=Mode.CBC, iv_size=16] - NotImplementedError: unsupported cipher: b'ARIA-128-CBC'
FAILED tests/test_cipher.py::TestCipher::test_encrypt_decrypt[mbedtls.cipher.ARIA, key_size=24, mode=Mode.CBC, iv_size=16] - NotImplementedError: unsupported cipher: b'ARIA-192-CBC'
FAILED tests/test_cipher.py::TestCipher::test_encrypt_decrypt[mbedtls.cipher.ARIA, key_size=32, mode=Mode.CBC, iv_size=16] - NotImplementedError: unsupported cipher: b'ARIA-256-CBC'
FAILED tests/test_cipher.py::TestCipher::test_encrypt_decrypt[mbedtls.cipher.ARIA, key_size=16, mode=Mode.CTR, iv_size=16] - NotImplementedError: unsupported cipher: b'ARIA-128-CTR'
FAILED tests/test_cipher.py::TestCipher::test_encrypt_decrypt[mbedtls.cipher.ARIA, key_size=24, mode=Mode.CTR, iv_size=16] - NotImplementedError: unsupported cipher: b'ARIA-192-CTR'
FAILED tests/test_cipher.py::TestCipher::test_encrypt_decrypt[mbedtls.cipher.ARIA, key_size=32, mode=Mode.CTR, iv_size=16] - NotImplementedError: unsupported cipher: b'ARIA-256-CTR'
FAILED tests/test_cipher.py::TestCipher::test_encrypt_decrypt[mbedtls.cipher.ARIA, key_size=16, mode=Mode.GCM, iv_size=12] - NotImplementedError: unsupported cipher: b'ARIA-128-GCM'
FAILED tests/test_cipher.py::TestCipher::test_encrypt_decrypt[mbedtls.cipher.ARIA, key_size=24, mode=Mode.GCM, iv_size=12] - NotImplementedError: unsupported cipher: b'ARIA-192-GCM'
FAILED tests/test_cipher.py::TestCipher::test_encrypt_decrypt[mbedtls.cipher.ARIA, key_size=32, mode=Mode.GCM, iv_size=12] - NotImplementedError: unsupported cipher: b'ARIA-256-GCM'
FAILED tests/test_cipher.py::TestCipher::test_encrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=16, mode=Mode.ECB, iv_size=0] - NotImplementedError: unsupported cipher: b'ARIA-128-ECB'
FAILED tests/test_cipher.py::TestCipher::test_encrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=24, mode=Mode.ECB, iv_size=0] - NotImplementedError: unsupported cipher: b'ARIA-192-ECB'
FAILED tests/test_cipher.py::TestCipher::test_encrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=32, mode=Mode.ECB, iv_size=0] - NotImplementedError: unsupported cipher: b'ARIA-256-ECB'
FAILED tests/test_cipher.py::TestCipher::test_encrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=16, mode=Mode.CBC, iv_size=16] - NotImplementedError: unsupported cipher: b'ARIA-128-CBC'
FAILED tests/test_cipher.py::TestCipher::test_encrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=24, mode=Mode.CBC, iv_size=16] - NotImplementedError: unsupported cipher: b'ARIA-192-CBC'
FAILED tests/test_cipher.py::TestCipher::test_encrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=32, mode=Mode.CBC, iv_size=16] - NotImplementedError: unsupported cipher: b'ARIA-256-CBC'
FAILED tests/test_cipher.py::TestCipher::test_encrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=16, mode=Mode.CTR, iv_size=16] - NotImplementedError: unsupported cipher: b'ARIA-128-CTR'
FAILED tests/test_cipher.py::TestCipher::test_encrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=24, mode=Mode.CTR, iv_size=16] - NotImplementedError: unsupported cipher: b'ARIA-192-CTR'
FAILED tests/test_cipher.py::TestCipher::test_encrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=32, mode=Mode.CTR, iv_size=16] - NotImplementedError: unsupported cipher: b'ARIA-256-CTR'
FAILED tests/test_cipher.py::TestCipher::test_encrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=16, mode=Mode.GCM, iv_size=12] - NotImplementedError: unsupported cipher: b'ARIA-128-GCM'
FAILED tests/test_cipher.py::TestCipher::test_encrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=24, mode=Mode.GCM, iv_size=12] - NotImplementedError: unsupported cipher: b'ARIA-192-GCM'
FAILED tests/test_cipher.py::TestCipher::test_encrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=32, mode=Mode.GCM, iv_size=12] - NotImplementedError: unsupported cipher: b'ARIA-256-GCM'
FAILED tests/test_cipher.py::TestCipher::test_decrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=16, mode=Mode.ECB, iv_size=0] - NotImplementedError: unsupported cipher: b'ARIA-128-ECB'
FAILED tests/test_cipher.py::TestCipher::test_decrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=24, mode=Mode.ECB, iv_size=0] - NotImplementedError: unsupported cipher: b'ARIA-192-ECB'
FAILED tests/test_cipher.py::TestCipher::test_decrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=32, mode=Mode.ECB, iv_size=0] - NotImplementedError: unsupported cipher: b'ARIA-256-ECB'
FAILED tests/test_cipher.py::TestCipher::test_decrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=16, mode=Mode.CBC, iv_size=16] - NotImplementedError: unsupported cipher: b'ARIA-128-CBC'
FAILED tests/test_cipher.py::TestCipher::test_decrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=24, mode=Mode.CBC, iv_size=16] - NotImplementedError: unsupported cipher: b'ARIA-192-CBC'
FAILED tests/test_cipher.py::TestCipher::test_decrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=32, mode=Mode.CBC, iv_size=16] - NotImplementedError: unsupported cipher: b'ARIA-256-CBC'
FAILED tests/test_cipher.py::TestCipher::test_decrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=16, mode=Mode.CTR, iv_size=16] - NotImplementedError: unsupported cipher: b'ARIA-128-CTR'
FAILED tests/test_cipher.py::TestCipher::test_decrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=24, mode=Mode.CTR, iv_size=16] - NotImplementedError: unsupported cipher: b'ARIA-192-CTR'
FAILED tests/test_cipher.py::TestCipher::test_decrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=32, mode=Mode.CTR, iv_size=16] - NotImplementedError: unsupported cipher: b'ARIA-256-CTR'
FAILED tests/test_cipher.py::TestCipher::test_decrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=16, mode=Mode.GCM, iv_size=12] - NotImplementedError: unsupported cipher: b'ARIA-128-GCM'
FAILED tests/test_cipher.py::TestCipher::test_decrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=24, mode=Mode.GCM, iv_size=12] - NotImplementedError: unsupported cipher: b'ARIA-192-GCM'
FAILED tests/test_cipher.py::TestCipher::test_decrypt_nothing_raises[mbedtls.cipher.ARIA, key_size=32, mode=Mode.GCM, iv_size=12] - NotImplementedError: unsupported cipher: b'ARIA-256-GCM'
FAILED tests/test_cipher.py::TestGenericCipher::test_cbc_requires_padding[mbedtls.cipher.ARIA] - NotImplementedError: unsupported cipher: b'ARIA-128-CBC'
================================================================== 73 failed, 2575 passed, 101 skipped, 7 xfailed in 8.20s ==================================================================
Tests fail unexpectedly.
Tests which need ARIA should be skipped if support is unavailable.
2.28.I
Build mbedtls on Gentoo (see configuration at https://gitweb.gentoo.org/repo/gentoo.git/tree/net-libs/mbedtls/mbedtls-2.28.1.ebuild)
Run python-mbedtls test suite either from 2.5.1 or master
I'm using mbedtls-2.28.1 installed from the Gentoo packaging for it. We've not had any problems like this before so I don't think our configuration is too odd, but I've discovered today that mbedtls is wildly configurable!
I've attached my /usr/include/mbedtls/config.h: config.h.gz
Hi,
First thing, Thank You for your exceptional work in producing this Cython wrapper for mbedTLS.
I was wondering, is it possible to use RSASSA_PSS to sign bytes with mbedtls.pk.RSA
? If so, could you please provide an example? I've been looking in the source code, looking how to use mbedtls_pk_type_t.MBEDTLS_PK_RSASSA_PSS
, but could not find it.
I just noticed that RSASSA_PSS
is commented in CIPHER_NAME
tuple, so I suspect this is not implemented?
Kind Regards,
Roberto
NOTE: Please use stackoverflow for support questions.
This repository's issues are reserved for feature requests and bug reports.
Currently, I am trying to initiate a DTLS handshake in which the server handles things in a very particular way.
The flow is this:
Client Hello (client)
Hello Verify Request (server)
Client Hello + cookie (client)
Hello Request (server)
Client Hello #no cookie# (client)
Server Hello
etc...
I believe what I need access too is the ability to set this to 1
_tls.mbedtls_ssl_conf_renegotiation(&self._ctx, 0) line 446 tls.pyx
Renegotiation is disabled and I believe that is what I need enabled. I would also love if the bindings for mbedtls legacy negotiation options where accessible
Allow users to modify these values when setting up a context for tls or dtls
Using default DTLS config provided in docs, works as expected until renegotiation occurs.
If this is something that is already available, please provide info on how to achieve this, thank you in advance.
Setup:
The module was successfully setup, hashing functions proved to be working. It appears that all the functionality is working except TLS. A (D)TLS PSK client and server were setup.
The ClientHello message gets sent but the server fails on do_handshake function.
Exception thrown: mbedtls.exceptions.TLSError: TLSError([0x0047] 'NET - Polling the net context failed')
Included .pcap trace: python-mbedtls_rst.zip
Client error traceback:
Traceback (most recent call last):
File "...\mbedtls\mbedtls-test.py", line 36, in
block(tls_cli.do_handshake)
File "...\mbedtls\mbedtls-test.py", line 26, in block
return callback(*args, **kwargs)
File "src\mbedtls\tls.pyx", line 1691, in mbedtls.tls.TLSWrappedSocket.do_handshake
File "src\mbedtls\tls.pyx", line 1458, in mbedtls.tls.TLSWrappedBuffer.do_handshake
File "src\mbedtls\tls.pyx", line 1276, in mbedtls.tls._BaseContext._do_handshake
File "src\mbedtls\tls.pyx", line 1281, in mbedtls.tls._BaseContext._do_handshake_step
File "src\mbedtls\tls.pyx", line 1300, in mbedtls.tls._BaseContext._handle_handshake_response
File "src\mbedtls\exceptions.pyx", line 54, in mbedtls.exceptions.check_error
File "src\mbedtls\exceptions.pyx", line 57, in mbedtls.exceptions.check_error
mbedtls.exceptions.TLSError: TLSError([0x0047] 'NET - Polling the net context failed')
Server error traceback:
Traceback (most recent call last):
File "...\mbedtls\mbedtls-test-server.py", line 60, in
server_main_loop(tls_srv)
File "...\mbedtls\mbedtls-test-server.py", line 33, in server_main_loop
block(conn.do_handshake)
File "...\mbedtls\mbedtls-test-server.py", line 27, in block
return callback(*args, **kwargs)
File "src\mbedtls\tls.pyx", line 1691, in mbedtls.tls.TLSWrappedSocket.do_handshake
File "src\mbedtls\tls.pyx", line 1458, in mbedtls.tls.TLSWrappedBuffer.do_handshake
File "src\mbedtls\tls.pyx", line 1276, in mbedtls.tls._BaseContext._do_handshake
File "src\mbedtls\tls.pyx", line 1281, in mbedtls.tls._BaseContext._do_handshake_step
File "src\mbedtls\tls.pyx", line 1300, in mbedtls.tls._BaseContext._handle_handshake_response
File "src\mbedtls\exceptions.pyx", line 54, in mbedtls.exceptions.check_error
File "src\mbedtls\exceptions.pyx", line 57, in mbedtls.exceptions.check_error
mbedtls.exceptions.TLSError: TLSError([0x0047] 'NET - Polling the net context failed')
The handshake should be successful.
Server code:
import socket
from mbedtls import tls
import contextlib
get_request = "\r\n".join((
"GET / HTTP/1.0",
"",
"")).encode("ascii")
http_response = "\r\n".join((
"HTTP/1.0 200 OK",
"Content-Type: text/html",
"",
"<h2>Test Server</h2>",
"<p>Successful connection.</p>",
"")).encode("ascii")
http_error = "\r\n".join((
"HTTP/1.0 400 Bad Request",
"",
""))
def block(callback, *args, **kwargs):
while True:
with contextlib.suppress(tls.WantReadError, tls.WantWriteError):
return callback(*args, **kwargs)
def server_main_loop(sock):
conn, addr = sock.accept()
print(conn, addr)
block(conn.do_handshake)
data = conn.recv(1024)
if data == get_request:
conn.sendall(http_response)
else:
conn.sendall(http_error)
srv_conf = tls.TLSConfiguration(
ciphers=(
# PSK Requires the selection PSK ciphers.
"TLS-PSK-WITH-CHACHA20-POLY1305-SHA256",
),
pre_shared_key_store={
"test2": b"secret"
}
)
tls_srv_ctx = tls.ServerContext(srv_conf)
tls_srv = tls_srv_ctx.wrap_socket(socket.socket(socket.AF_INET, socket.SOCK_STREAM))
port = 4433
tls_srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
tls_srv.bind(("127.0.0.1", port))
tls_srv.listen(1)
server_main_loop(tls_srv)
Client code:
import socket
from mbedtls import tls
import contextlib
get_request = "\r\n".join((
"GET / HTTP/1.0",
"",
"")).encode("ascii")
http_response = "\r\n".join((
"HTTP/1.0 200 OK",
"Content-Type: text/html",
"",
"<h2>Test Server</h2>",
"<p>Successful connection.</p>",
"")).encode("ascii")
http_error = "\r\n".join((
"HTTP/1.0 400 Bad Request",
"",
""))
def block(callback, *args, **kwargs):
while True:
with contextlib.suppress(tls.WantReadError, tls.WantWriteError):
return callback(*args, **kwargs)
cli_conf = tls.TLSConfiguration(pre_shared_key=("test2", b"secret"))
tls_cli_ctx = tls.ClientContext(cli_conf)
tls_cli = tls_cli_ctx.wrap_socket(socket.socket(socket.AF_INET, socket.SOCK_STREAM), server_hostname=None)
tls_cli.connect(("127.0.0.1", 4433))
block(tls_cli.do_handshake)
tls_cli.send(get_request)
NOTE: Please use stackoverflow for support questions.
This repository's issues are reserved for feature requests and bug reports.
AES GCM 128 and 256 fails TAG test vector.
AES GCM 128 test vector:
key = '00000000000000000000000000000000'
nonce = '000000000000000000000000'
plaintext = ''
ciphertext = ''
adata = ''
mac = '58e2fccefa7e3061367f1d57a4e7455a'
AES256 GCM test vector:
key = '0000000000000000000000000000000000000000000000000000000000000000'
nonce = '000000000000000000000000'
plaintext = ''
ciphertext = ''
adata = ''
mac = '530f8afbc74536b9a963b4f1c4cb738b'
When trying to perform encryption
with the above test vectors, the module produces the following error:
CIPHER - Decryption of block requires a full block'
Also note that the error message specifies DECRYPTION
but it's an encryption
operation.
Passing the test :)
pip install python-mbedtls
from mbedtls import cipher as mbedcipher
key = bytes.fromhex('00000000000000000000000000000000')
nonce = bytes.fromhex('000000000000000000000000')
plaintext = b''
ciphertext = b''
adata = b''
mac = bytes.fromhex('530f8afbc74536b9a963b4f1c4cb738b')
cipherobj = mbedcipher.AES.new(key, mbedcipher.MODE_GCM, nonce, adata)
cipherobj.encrypt(plaintext)
This test passes on cryptography
pycryptodome
pycryptodomex
and pyaes
modules.
NOTE: Please use stackoverflow for support questions.
This repository's issues are reserved for feature requests and bug reports.
I read the source code and I can't see a way to use PSK for DTLS. It seems only to handle certificates.
Is there a way to specify the use of PSK with the current implementation? Otherwise what would be needed to implement PSK?
Is it possible to have a PSK store? My use case involves many devices with a different PSK. I haven't found a good way of managing individual device PSK in other open source projects so thought it might be best to look at a lower level implementation as mbedTLS.
NOTE: Please use stackoverflow for support questions.
This repository's issues are reserved for feature requests and bug reports.
I am having a hell of a time compiling this project from source on Linux Ubuntu Desktop LTS
I get this error when trying to run build wheel
main
I get the same error when trying to install with sudo python3 setup.py install
I was getting a similar error trying to compile on linux. it does not appear the requirements.txt in main dir, nor the build.txt or tests.txt in requirements dir covers everything you need. I also went and installed pretty much everything in this stackoverflow thread
https://stackoverflow.com/questions/26053982/setup-script-exited-with-error-command-x86-64-linux-gnu-gcc-failed-with-exit
still not working. I need to be able to compile this myself to apply the changes we talked about in a previous ticket
NOTE: Please use stackoverflow for support questions.
This repository's issues are reserved for feature requests and bug reports.
Missing mbedtls.exceptions module when importing mbedtls.cipher
Error when importing mbedtls.cipher
python can find mbedtls.exception module
>>> from mbedtls import cipher
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python3.8/site-packages/mbedtls/__init__.py", line 8, in <module>
import mbedtls.cipher as cipher
File "/usr/lib/python3.8/site-packages/mbedtls/cipher/__init__.py", line 12, in <module>
from . import AES, ARC4, ARIA, CHACHA20, DES, DES3, Blowfish, Camellia, DES3dbl
File "/usr/lib/python3.8/site-packages/mbedtls/cipher/AES.py", line 11, in <module>
from mbedtls.exceptions import TLSError
ModuleNotFoundError: No module named 'mbedtls.exceptions'
## Other information
$ sudo pip3 install python-mbedtls
WARNING: Running pip install with root privileges is generally not a good idea. Try pip3 install --user
instead.
Collecting python-mbedtls
Using cached https://files.pythonhosted.org/packages/bc/ba/23dc1786580315753a0738b90b5679de2487e3fc802e360de42eacc956c3/python-mbedtls-1.7.0.tar.gz
Requirement already satisfied: certifi in /usr/local/lib/python3.6/site-packages (from python-mbedtls)
Requirement already satisfied: typing_extensions in /usr/local/lib/python3.6/site-packages (from python-mbedtls)
Installing collected packages: python-mbedtls
Running setup.py install for python-mbedtls ... done
Successfully installed python-mbedtls-1.7.0
$ python3
Python 3.6.8 (default, Nov 16 2020, 16:55:22)
[GCC 4.8.5 20150623 (Red Hat 4.8.5-44)] on linux
Type "help", "copyright", "credits" or "license" for more information.
from mbedtls._tls import _enable_debug_output, _set_debug_level
Traceback (most recent call last):
File "", line 1, in
File "/usr/local/lib64/python3.6/site-packages/mbedtls/init.py", line 15, in
import mbedtls.tls as tls
File "/usr/local/lib64/python3.6/site-packages/mbedtls/tls.py", line 17, in
from ._tls import (
ImportError: /usr/local/lib64/python3.6/site-packages/mbedtls/_tls.cpython-36m-x86_64-linux-gnu.so: undefined symbol: mbedtls_cipher_set_padding_mode
This is with both mbedtls-2.16.12 as well as mbedtls-2.28.0.
I tried to build the latest repro on CentOS 1804 x64 and got a failure.
cmd issued: sudo /usr/local/bin/python3.7 setup.py install
creating build-3.7.1/temp.linux-x86_64-3.7/build-3.7.1/temp.linux-x86_64-3.7/pyrex/mbedtls
gcc -pthread -Wno-unused-result -Wsign-compare -DNDEBUG -g -fwrapv -O3 -Wall -fPIC -I/usr/local/include/python3.7m -c build-3.7.1/temp.linux-x86_64-3.7/pyrex/mbedtls/_md.c -o build-3.7.1/temp.linux-x86_64-3.7/build-3.7.1/temp.linux-x86_64-3.7/pyrex/mbedtls/_md.o
build-3.7.1/temp.linux-x86_64-3.7/pyrex/mbedtls/_md.c:611:33: fatal error: mbedtls/md_internal.h: No such file or directory
#include "mbedtls/md_internal.h"
^
compilation terminated.
error: command 'gcc' failed with exit status 1
I also tried the 0.14.0 version from here and got a different build error:
https://pypi.org/project/python-mbedtls/#files
sudo /usr/local/bin/python3.7 setup.py install
running install
running bdist_egg
running egg_info
writing src/python_mbedtls.egg-info/PKG-INFO
writing dependency_links to src/python_mbedtls.egg-info/dependency_links.txt
writing requirements to src/python_mbedtls.egg-info/requires.txt
writing top-level names to src/python_mbedtls.egg-info/top_level.txt
reading manifest file 'src/python_mbedtls.egg-info/SOURCES.txt'
reading manifest template 'MANIFEST.in'
writing manifest file 'src/python_mbedtls.egg-info/SOURCES.txt'
installing library code to build-3.7.1/bdist.linux-x86_64/egg
running install_lib
running build_py
creating build-3.7.1
creating build-3.7.1/lib.linux-x86_64-3.7
creating build-3.7.1/lib.linux-x86_64-3.7/mbedtls
copying src/mbedtls/init.py -> build-3.7.1/lib.linux-x86_64-3.7/mbedtls
creating build-3.7.1/lib.linux-x86_64-3.7/mbedtls/cipher
copying src/mbedtls/cipher/init.py -> build-3.7.1/lib.linux-x86_64-3.7/mbedtls/cipher
running build_ext
cythoning src/mbedtls/x509.pyx to build-3.7.1/temp.linux-x86_64-3.7/pyrex/mbedtls/x509.c
creating build-3.7.1/temp.linux-x86_64-3.7
creating build-3.7.1/temp.linux-x86_64-3.7/pyrex
creating build-3.7.1/temp.linux-x86_64-3.7/pyrex/mbedtls
building 'mbedtls.x509' extension
creating build-3.7.1/temp.linux-x86_64-3.7/build-3.7.1
creating build-3.7.1/temp.linux-x86_64-3.7/build-3.7.1/temp.linux-x86_64-3.7
creating build-3.7.1/temp.linux-x86_64-3.7/build-3.7.1/temp.linux-x86_64-3.7/pyrex
creating build-3.7.1/temp.linux-x86_64-3.7/build-3.7.1/temp.linux-x86_64-3.7/pyrex/mbedtls
gcc -pthread -Wno-unused-result -Wsign-compare -DNDEBUG -g -fwrapv -O3 -Wall -fPIC -I/usr/local/include/python3.7m -c build-3.7.1/temp.linux-x86_64-3.7/pyrex/mbedtls/x509.c -o build-3.7.1/temp.linux-x86_64-3.7/build-3.7.1/temp.linux-x86_64-3.7/pyrex/mbedtls/x509.o
build-3.7.1/temp.linux-x86_64-3.7/pyrex/mbedtls/x509.c:611:26: fatal error: mbedtls/asn1.h: No such file or directory
#include "mbedtls/asn1.h"
^
compilation terminated.
error: command 'gcc' failed with exit status 1
Public Key Module Level Design
[...]
Component overview
The Public Key module provides asymmetric cryptography functions that are mainly used for:
- Public/private keypair generation.
- Parsing and writing keys.
- Key exchange.
- Message signing and verification.
- Message encryption/decryption.
The Public Key module does not interact with other modules, although it is loosely coupled with the RNG module, e.g. for prime number generation and blinding.
NOTE: Please use stackoverflow for support questions.
This repository's issues are reserved for feature requests and bug reports.
I am looking for a way to use session caching with this package. I have not found documentation on it so I assume that it is not supported. Could this be something that you would consider adding?
No session caching, at least it is not documented
>>> import mbedtls
...
Hi, @Synss , @stepheny , I'd like to report a vulnerability issue in python-mbedtls_1.7.0.
As shown in the above dependency graph (Here shows part of the dependency graph, which depends on vulnerable shared libraries), python-mbedtls_1.7.0 directly or transitively depends on 8 C libraries (.so). However, I noticed that some C libraries are vulnerable, containing the following CVEs:
libmbedcrypto-ac73041f.so.3
,libmbedtls-47606ffb.so.12
and libmbedx509-91f761cc.so.0
from C project mbedtls(version:2.16.11) exposed 2 vulnerabilities:
CVE-2021-45451, CVE-2021-45450
mbedtls has fixed the vulnerabilities in versions >=3.1.0
Python build tools cannot report vulnerable C libraries, which may induce potential security issues to many downstream Python projects.
As a popular python package (python-mbedtls has 15,250 downloads per month), could you please upgrade the above shared libraries to their patch versions?
Thanks for your help~
Best regards,
Joe Gardner
NOTE: Please use stackoverflow for support questions.
This repository's issues are reserved for feature requests and bug reports.
hi Synss,
I want to specific argments p_rng for mbedtls_ecdh_gen_public, it's usually in c coding, but I can't find a way to do this with python-mbedtls.
thanks for your great work on python-mbedtls, it's very useful to me.
currently, I try to this in python code, but it always crash at so.mbedtls_ecdh_gen_public.
so = ctypes.CDLL("/usr/local/lib/python2.7/site-packages/mbedtls/pk.so")
ecdh_ctx = (c_char_p * 1024)(addressof(ctypes.create_string_buffer(1024)))
d = (c_char_p * 1024)(addressof(ctypes.create_string_buffer(1024)))
Q = (c_char_p * 1024)(addressof(ctypes.create_string_buffer(1024)))
RNG = (c_char_p * 1024)(addressof(ctypes.create_string_buffer(1024)))
so.mbedtls_ecdh_init(ecdh_ctx)
so.mbedtls_mpi_init(d)
so.mbedtls_ecp_point_init(Q)
so.mbedtls_ctr_drbg_init(RNG)
so.mbedtls_ecp_group_load(ecdh_ctx, 9)
so.mbedtls_ecdh_gen_public(ecdh_ctx, d, Q, so.mbedtls_ctr_drbg_random, RNG)
print ecdh_ctx
>>> import mbedtls
...
NOTE: Please use stackoverflow for support questions.
This repository's issues are reserved for feature requests and bug reports.
16 byte input data should produce 16 byte encrypted data. Cryptodome and mbedtls on my ESP32 micro controller are behaving like that. But python-mbedtls produces 32 byte encrypted data.
Here is the sample of my source code for ESP32
mbedtls_aes_context aes;
const unsigned char key[16] = "My 16-bytes key";
unsigned char iv[16] = "My 16-bytes iv.";
size_t length = 16;
unsigned char in[length], out[length*2];
for (size_t i = 0; i < length; i++) in[i] = 0;
for (size_t i = 0; i < length*2; i++) out[i] = 0;
mbedtls_aes_setkey_enc(&aes, key, 16*8);
mbedtls_aes_crypt_cbc(&aes, MBEDTLS_AES_ENCRYPT, length,iv,in, out);
delay(500);
Serial.print("Encrypted from ESP32 : ");
for (size_t i = 0; i < length*2; i++){
Serial.printf("%d, ",(char)out[i]);
}
Serial.println();
That program print:
Encrypted from ESP32 : 98, 203, 172, 171, 204, 8, 236, 28, 167, 205, 120, 72, 12, 242, 72, 164, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
As you can see, there are 16 non zero data in output byte array of length 32.
16 byte input data produces 32 byte encrypted data. The problem is python-mbedtls refuse to decrypt 16 byte encrypted data from Cryptodome and ESP32 mbedtls while giving this error
File "desktop/simetrikRemote.py", line 12, in <module>
print([int(x) for x in d.decrypt(dec_byte[:16])])
File "src/mbedtls/cipher/_cipher.pyx", line 289, in mbedtls.cipher._cipher.Cipher.decrypt
File "src/mbedtls/cipher/_cipher.pyx", line 276, in mbedtls.cipher._cipher.Cipher._crypt
File "src/mbedtls/exceptions.pyx", line 54, in mbedtls.exceptions.check_error
File "src/mbedtls/exceptions.pyx", line 57, in mbedtls.exceptions.check_error
mbedtls.exceptions.TLSError: TLSError([0x6200] 'CIPHER - Input data contains invalid padding and is rejected')`
16 byte input data produces 16 byte encrypted data and python-mbedtls can decrypt encryption from another AES implementation.
from Cryptodome.Cipher import AES
from mbedtls import cipher
key = b'My 16-bytes key\0'
iv = b"My 16-bytes iv.\0"
raw = bytearray(16) #list of zeros
d1 = AES.new(key, AES.MODE_CBC, iv)
enc1 = d1.encrypt(raw)
print("length of encrypted data using cryptodome: ", len(enc1))
print([int(x) for x in enc1])
d2 = cipher.AES.new(key, cipher.MODE_CBC, iv)
enc2 = d2.encrypt(raw)
print("length of encrypted data using python-mbedtls: ", len(enc2))
print([int(x) for x in enc2])
The program above prints:
length of encrypted data using cryptodome: 16
[98, 203, 172, 171, 204, 8, 236, 28, 167, 205, 120, 72, 12, 242, 72, 164]
length of encrypted data using python-mbedtls: 32
[98, 203, 172, 171, 204, 8, 236, 28, 167, 205, 120, 72, 12, 242, 72, 164, 204, 133, 178, 79, 207, 47, 52, 158, 254, 38, 43, 177, 175, 127, 252, 6]
From where that additional 16 byte come from?
python-mbedtls : 1.4.0
OS : Arch Linux
NOTE: Please use stackoverflow for support questions.
This repository's issues are reserved for feature requests and bug reports.
in the file tls.py, there is an error about the length of args in function sendto (line 302)
def sendto(self, message, *args):
if not 2 <= len(args) <= 3:
raise TypeError(
"sendto() takes 2 or 3 arguments (%i given)" % (1 + len(args))
)
args can have one or two 'arg' : flag and address also the control must be:
if not 1 <= len(args) <= 2:
I don't know if it only happened on my side. The system information is as below:
MacOS 10.14.6
Python 3.7.3
pip 19.1.1
When installing the package with command "pip install python-mbedtls -i https://pypi.python.org/simple", I got the following error:
......
build-3.7.3/temp.macosx-10.7-x86_64-3.7/pyrex/mbedtls/_platform.c:596:10: fatal error: 'mbedtls/platform_util.h' file not found
#include "mbedtls/platform_util.h"
^~~~~~~~~~~~~~~~~~~~~~~~~
1 error generated.
error: command 'gcc' failed with exit status 1
----------------------------------------
ERROR: Failed building wheel for python-mbedtls
The full logs can be found in attached logs.txt
Please have a look at it. Thanks.
Symmetric Cipher (Cipher) Module Level Design
[...]
Component overview
The Cipher module provides symmetric encryption and decryption
using some chosen ciphers in a generic way.The Cipher module does not interact with other modules.
It would be nice to have a section of the main documentation that outlines the intended uses of this module versus ssl
. mbedTLS is quite a bit slower than OpenSSL, and on any device that needs mbedTLS’s lightness it’s probably advantageous to use a compiled language rather than python. The notion of “alternative” TLS libraries intrigues me, but the performance hit makes it seem hard to justify.
The number of GitHub forks & stars here, though, suggests that someone finds it of use, so I’m curious what those use cases are. Having them in the docs would probably help potential users to know “sooner-rather-than-later” that python-mbedtls is right for them.
Thanks for reading!
I have :
-1- Download-mbedTLS.PS1 (version 2.16.9)
-2- Install-mbedTLS.PS1
-3- launch python setup.py install (my python version is 3.7.8
all seems OK
I try DTLS example (DTLS client and server)
when the client try to do handshake, the server give an exception:
Traceback (most recent call last):
File "", line 1, in
File "src\mbedtls\tls.pyx", line 1557, in mbedtls.tls.TLSWrappedSocket.accept
OSError: [WinError 10040] Un message envoyé sur un socket datagramme était plus volumineux que le tampon de messages interne ou qu’une autre limite réseau ou bien le tampon utilisé pour recevoir un datagramme était plus petit que le datagramme lui-même
it's at the moment where the server receive the "client hello"
def accept(self):
if self.type == _socket.SOCK_STREAM:
conn, address = self._socket.accept()
else:
data, address = self._socket.recvfrom(1, _socket.MSG_PEEK)
No exception
1.Run server
2.Run client
code server :
from mbedtls import tls
import datetime as dt
from mbedtls import hashlib
from mbedtls import pk
from mbedtls import x509
import socket
from contextlib import suppress
import multiprocessing as mp
def block(callback, *args, **kwargs):
while True:
with suppress(tls.WantReadError, tls.WantWriteError):
return callback(*args, **kwargs)
def dtls_server_main_loop(sock):
"""A simple DTLS echo server."""
conn, addr = sock.accept()
print(conn,addr)
conn.setcookieparam(addr[0].encode())
with suppress(tls.HelloVerifyRequest):
block(conn.do_handshake)
conn, addr = conn.accept()
conn.setcookieparam(addr[0].encode())
block(conn.do_handshake)
data = conn.recv(4096)
conn.send(data)
def server_main_loop(sock):
conn, addr = sock.accept()
print(conn, addr)
block(conn.do_handshake)
data = conn.recv(4096)
if data == get_request:
conn.sendall(http_response)
else:
conn.sendall(http_error)
if __name__ == "__main__":
# Here, the trusted root is a self-signed CA certificate ca0_crt signed by ca0_key
now = dt.datetime.utcnow()
ca0_key = pk.RSA()
_ = ca0_key.generate()
ca0_csr = x509.CSR.new(ca0_key, "CN=Trusted CA", hashlib.sha256())
ca0_crt = x509.CRT.selfsign(
ca0_csr, ca0_key,
not_before=now, not_after=now + dt.timedelta(days=90),
serial_number=0x123456,
basic_constraints=x509.BasicConstraints(True, 1))
#An intermediate then issues a Certificate Singing Request(CSR) that the root CA signs:
ca1_key = pk.ECC()
_ = ca1_key.generate()
ca1_csr = x509.CSR.new(ca1_key, "CN=Intermediate CA", hashlib.sha256())
ca1_crt = ca0_crt.sign(
ca1_csr, ca0_key, now, now + dt.timedelta(days=90), 0x123456,
basic_constraints = x509.BasicConstraints(ca=True, max_path_length=3))
# And finally, the intermediate CA signs a certificate for the End Entity on the basis of a new CSR:
ee0_key = pk.ECC()
_ = ee0_key.generate()
ee0_csr = x509.CSR.new(ee0_key, "CN=End Entity", hashlib.sha256())
ee0_crt = ca1_crt.sign(
ee0_csr, ca1_key, now, now + dt.timedelta(days=90), 0x987654)
# The emitting certificate can be used to verify the next certificate in the chain:
print(f'la validation du certificat est {ca1_crt.verify(ee0_crt)}')
print(f'la validation du certificat est {ca0_crt.verify(ca1_crt)}')
# the trust store just consists in the root certificate ca0_crt
trust_store = tls.TrustStore()
trust_store.add(ca0_crt)
# context serveur
dtls_srv_ctx = tls.ServerContext(tls.DTLSConfiguration(
trust_store = trust_store,
certificate_chain = ([ee0_crt, ca1_crt], ee0_key),
validate_certificates = False
))
# The DTLS contexts can now wrap UDP sockets.
dtls_srv = dtls_srv_ctx.wrap_socket(
socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
)
port = 4443
dtls_srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
dtls_srv.bind(("0.0.0.0", port))
#In contrast with TCP (TLS), there is not call to listen() for UDP.
#runner = mp.Process(target=dtls_server_main_loop, args=(dtls_srv, ))
#runner.start()
server_main_loop(dtls_srv)
-- code client
from mbedtls import tls
import datetime as dt
from mbedtls import hashlib
from mbedtls import pk
from mbedtls import x509
import socket
from contextlib import suppress
import multiprocessing as mp
def block(callback, *args, **kwargs):
while True:
with suppress(tls.WantReadError, tls.WantWriteError):
return callback(*args, **kwargs)
if __name__ == "__main__":
# Here, the trusted root is a self-signed CA certificate ca0_crt signed by ca0_key
now = dt.datetime.utcnow()
ca0_key = pk.RSA()
_ = ca0_key.generate()
ca0_csr = x509.CSR.new(ca0_key, "CN=Trusted CA", hashlib.sha256())
ca0_crt = x509.CRT.selfsign(
ca0_csr, ca0_key,
not_before=now, not_after=now + dt.timedelta(days=90),
serial_number=0x123456,
basic_constraints=x509.BasicConstraints(True, 1))
#An intermediate then issues a Certificate Singing Request(CSR) that the root CA signs:
ca1_key = pk.ECC()
_ = ca1_key.generate()
ca1_csr = x509.CSR.new(ca1_key, "CN=Intermediate CA", hashlib.sha256())
ca1_crt = ca0_crt.sign(
ca1_csr, ca0_key, now, now + dt.timedelta(days=90), 0x123456,
basic_constraints = x509.BasicConstraints(ca=True, max_path_length=3))
# And finally, the intermediate CA signs a certificate for the End Entity on the basis of a new CSR:
ee0_key = pk.ECC()
_ = ee0_key.generate()
ee0_csr = x509.CSR.new(ee0_key, "CN=End Entity", hashlib.sha256())
ee0_crt = ca1_crt.sign(
ee0_csr, ca1_key, now, now + dt.timedelta(days=90), 0x987654)
# The emitting certificate can be used to verify the next certificate in the chain:
print(f'la validation du certificat est {ca1_crt.verify(ee0_crt)}')
print(f'la validation du certificat est {ca0_crt.verify(ca1_crt)}')
# the trust store just consists in the root certificate ca0_crt
trust_store = tls.TrustStore()
trust_store.add(ca0_crt)
#client
dtls_cli_ctx = tls.ClientContext(tls.DTLSConfiguration(
trust_store = trust_store,
validate_certificates = True,
))
dtls_cli = dtls_cli_ctx.wrap_socket(
socket.socket(socket.AF_INET, socket.SOCK_DGRAM),
server_hostname=None,
)
port = 4443
dtls_cli.connect(("localhost", port))
block(dtls_cli.do_handshake)
DATAGRAM = b"hello datagram"
block(dtls_cli.send, DATAGRAM)
block(dtls_cli.recv, 4096)
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.