diff --git a/src/mbedtls/_asn1.pxd b/src/mbedtls/_asn1.pxd new file mode 100644 index 00000000..49c6bba1 --- /dev/null +++ b/src/mbedtls/_asn1.pxd @@ -0,0 +1,16 @@ +# SPDX-License-Identifier: MIT +# Copyright (c) 2018, Mathias Laurin + +cdef extern from "mbedtls/asn1.h" nogil: + cdef struct mbedtls_asn1_buf: + int tag + size_t len + unsigned char *p + cdef struct mbedtls_asn1_sequence: + mbedtls_asn1_buf buf + mbedtls_asn1_sequence *next + cdef struct mbedtls_asn1_named_data: + mbedtls_asn1_buf oid + mbedtls_asn1_buf val + mbedtls_asn1_named_data *next + unsigned char next_merged diff --git a/src/mbedtls/_debug.pxd b/src/mbedtls/_debug.pxd new file mode 100644 index 00000000..4aaa8f56 --- /dev/null +++ b/src/mbedtls/_debug.pxd @@ -0,0 +1,5 @@ +# SPDX-License-Identifier: MIT +# Copyright (c) 2018, Mathias Laurin + +cdef extern from "mbedtls/debug.h" nogil: + void mbedtls_debug_set_threshold(int threshold) diff --git a/src/mbedtls/_dhm.pxd b/src/mbedtls/_dhm.pxd new file mode 100644 index 00000000..877891c9 --- /dev/null +++ b/src/mbedtls/_dhm.pxd @@ -0,0 +1,49 @@ +# SPDX-License-Identifier: MIT +# Copyright (c) 2016, Elaborated Networks GmbH +# Copyright (c) 2018, Mathias Laurin + +cimport mbedtls.mpi as _mpi + + +cdef extern from "mbedtls/dhm.h" nogil: + ctypedef struct mbedtls_dhm_context: + _mpi.mbedtls_mpi P + _mpi.mbedtls_mpi G + _mpi.mbedtls_mpi X + _mpi.mbedtls_mpi GX + _mpi.mbedtls_mpi GY + _mpi.mbedtls_mpi K + + void mbedtls_dhm_init(mbedtls_dhm_context *ctx) + void mbedtls_dhm_free(mbedtls_dhm_context *ctx) + + int mbedtls_dhm_make_params( + mbedtls_dhm_context *ctx, + int x_size, + unsigned char *output, size_t *olen, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) + int mbedtls_dhm_make_public( + mbedtls_dhm_context *ctx, + int x_size, + unsigned char *output, size_t olen, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) + + int mbedtls_dhm_read_params( + mbedtls_dhm_context *ctx, + unsigned char **p, + const unsigned char *end) + int mbedtls_dhm_read_public( + mbedtls_dhm_context *ctx, + const unsigned char *input, size_t ilen) + + int mbedtls_dhm_calc_secret( + mbedtls_dhm_context *ctx, + unsigned char *output, size_t output_size, size_t *olen, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) + + # int mbedtls_dhm_parse_dhm( + # mbedtls_dhm_context *dhm, + # const unsigned char *dhmin, size_t dhminlen) + # int mbedtls_dhm_parse_dhmfile( + # mbedtls_dhm_context *dhm, + # const char *path) diff --git a/src/mbedtls/_ecdh.pxd b/src/mbedtls/_ecdh.pxd new file mode 100644 index 00000000..6066683d --- /dev/null +++ b/src/mbedtls/_ecdh.pxd @@ -0,0 +1,66 @@ +# SPDX-License-Identifier: MIT +# Copyright (c) 2016, Elaborated Networks GmbH +# Copyright (c) 2018, Mathias Laurin + +cimport mbedtls._ecp as _ecp +cimport mbedtls.mpi as _mpi + + +cdef extern from "mbedtls/ecdh.h" nogil: + ctypedef enum mbedtls_ecdh_side: + MBEDTLS_ECDH_OURS + MBEDTLS_ECDH_THEIRS + + ctypedef struct mbedtls_ecdh_context: + _ecp.mbedtls_ecp_group grp + _mpi.mbedtls_mpi d # private key + _ecp.mbedtls_ecp_point Q # public key + _ecp.mbedtls_ecp_point Qp # peer's public key + _mpi.mbedtls_mpi z # shared secret + + # mbedtls_ecp_group + # ----------------- + int mbedtls_ecdh_gen_public( + _ecp.mbedtls_ecp_group *grp, + _mpi.mbedtls_mpi *d, + _ecp.mbedtls_ecp_point *Q, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) + int mbedtls_ecdh_compute_shared( + _ecp.mbedtls_ecp_group *grp, + _mpi.mbedtls_mpi *z, + const _ecp.mbedtls_ecp_point *Q, + const _mpi.mbedtls_mpi *d, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) + + # mbedtls_ecdh_context + # -------------------- + void mbedtls_ecdh_init(mbedtls_ecdh_context *ctx) + void mbedtls_ecdh_free(mbedtls_ecdh_context *ctx) + + int mbedtls_ecdh_get_params( + mbedtls_ecdh_context *ctx, + const _ecp.mbedtls_ecp_keypair *key, + mbedtls_ecdh_side side) + + int mbedtls_ecdh_make_params( + mbedtls_ecdh_context *ctx, + size_t *olen, unsigned char *buf, size_t blen, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) + int mbedtls_ecdh_make_public( + mbedtls_ecdh_context *ctx, + size_t *olen, unsigned char *buf, size_t blen, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) + + int mbedtls_ecdh_read_params( + mbedtls_ecdh_context *ctx, + const unsigned char **buf, const unsigned char *end) + int mbedtls_ecdh_read_public( + mbedtls_ecdh_context *ctx, + const unsigned char *buf, size_t blen) + + int mbedtls_ecdh_calc_secret( + mbedtls_ecdh_context *ctx, + size_t *olen, unsigned char *buf, size_t blen, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) diff --git a/src/mbedtls/_ecdsa.pxd b/src/mbedtls/_ecdsa.pxd new file mode 100644 index 00000000..7182f422 --- /dev/null +++ b/src/mbedtls/_ecdsa.pxd @@ -0,0 +1,34 @@ +# SPDX-License-Identifier: MIT +# Copyright (c) 2016, Elaborated Networks GmbH +# Copyright (c) 2018, Mathias Laurin + +cdef extern from "mbedtls/ecdsa.h" nogil: + ctypedef struct mbedtls_ecdsa_context: + mbedtls_ecp_group grp + _mpi.mbedtls_mpi d + mbedtls_ecp_point Q + + int MBEDTLS_ECDSA_MAX_LEN + + # mbedtls_ecp_group + # ----------------- + # mbedtls_ecdsa_sign + # mbedtls_ecdsa_sign_det + # mbedtls_ecdsa_verify + + # mbedtls_ecdsa_context + # --------------------- + void mbedtls_ecdsa_init(mbedtls_ecdsa_context *ctx) + void mbedtls_ecdsa_free(mbedtls_ecdsa_context *ctx) + + int mbedtls_ecdsa_from_keypair( + mbedtls_ecdsa_context *ctx, + const mbedtls_ecp_keypair *key) + + # mbedtls_ecdsa_write_signature + # mbedtls_ecdsa_write_signature_det + # mbedtls_ecdsa_read_signature + + int mbedtls_ecdsa_genkey( + mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) diff --git a/src/mbedtls/_ecp.pxd b/src/mbedtls/_ecp.pxd new file mode 100644 index 00000000..980b4268 --- /dev/null +++ b/src/mbedtls/_ecp.pxd @@ -0,0 +1,143 @@ +# SPDX-License-Identifier: MIT +# Copyright (c) 2016, Elaborated Networks GmbH +# Copyright (c) 2018, Mathias Laurin + +cimport mbedtls.mpi as _mpi + + +cdef extern from "mbedtls/ecp.h" nogil: + ctypedef enum mbedtls_ecp_group_id: + MBEDTLS_ECP_DP_NONE = 0, + MBEDTLS_ECP_DP_SECP192R1 + MBEDTLS_ECP_DP_SECP224R1 + MBEDTLS_ECP_DP_SECP256R1 + MBEDTLS_ECP_DP_SECP384R1 + MBEDTLS_ECP_DP_SECP521R1 + MBEDTLS_ECP_DP_BP256R1 + MBEDTLS_ECP_DP_BP384R1 + MBEDTLS_ECP_DP_BP512R1 + MBEDTLS_ECP_DP_CURVE25519 + MBEDTLS_ECP_DP_SECP192K1 + MBEDTLS_ECP_DP_SECP224K1 + MBEDTLS_ECP_DP_SECP256K1 + MBEDTLS_ECP_DP_CURVE448 + + ctypedef enum mbedtls_ecp_curve_type: + MBEDTLS_ECP_TYPE_NONE = 0 + MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS + MBEDTLS_ECP_TYPE_MONTGOMERY + + ctypedef struct mbedtls_ecp_curve_info: + mbedtls_ecp_group_id grp_id + int bit_size + const char *name + + ctypedef struct mbedtls_ecp_point: + _mpi.mbedtls_mpi X + _mpi.mbedtls_mpi Y + _mpi.mbedtls_mpi Z + + ctypedef struct mbedtls_ecp_group: + mbedtls_ecp_group_id id + _mpi.mbedtls_mpi P + _mpi.mbedtls_mpi A + _mpi.mbedtls_mpi B + mbedtls_ecp_point G + _mpi.mbedtls_mpi N + size_t pbits + size_t nbits + unsigned int h + int (*modp)(_mpi.mbedtls_mpi *) + int (*t_pre)(mbedtls_ecp_point *, void *) + int (*t_post)(mbedtls_ecp_point *, void *) + void *t_data + mbedtls_ecp_point *T + size_t T_size + + ctypedef struct mbedtls_ecp_keypair: + mbedtls_ecp_group grp + _mpi.mbedtls_mpi d + mbedtls_ecp_point Q + + int MBEDTLS_ECP_MAX_BYTES + int MBEDTLS_ECP_PF_UNCOMPRESSED + + # Free functions + # -------------- + const mbedtls_ecp_curve_info* mbedtls_ecp_curve_list() + # mbedtls_ecp_grp_id_list + # mbedtls_ecp_curve_info_from_grp_id + # mbedtls_ecp_curve_info_from_tls_id + # mbedtls_ecp_curve_info_from_name + mbedtls_ecp_curve_type mbedtls_ecp_get_type( + const mbedtls_ecp_group *grp + ) + + # mbedtls_ecp_point + # ----------------- + void mbedtls_ecp_point_init(mbedtls_ecp_point *pt) + void mbedtls_ecp_point_free(mbedtls_ecp_point *pt) + int mbedtls_ecp_copy( + mbedtls_ecp_point *P, + const mbedtls_ecp_point *Q) + # mbedtls_ecp_set_zero + int mbedtls_ecp_is_zero(mbedtls_ecp_point *pt) + int mbedtls_ecp_point_cmp( + const mbedtls_ecp_point *P, + const mbedtls_ecp_point *Q) + # mbedtls_ecp_point_read_string + + # mbedtls_ecp_group + # ----------------- + void mbedtls_ecp_group_init(mbedtls_ecp_group *grp) + void mbedtls_ecp_group_free(mbedtls_ecp_group *grp) + int mbedtls_ecp_group_copy( + mbedtls_ecp_group *dst, + const mbedtls_ecp_group *src) + + int mbedtls_ecp_point_write_binary( + const mbedtls_ecp_group *grp, + const mbedtls_ecp_point *P, + int format, size_t *olen, unsigned char *buf, size_t buflen) + int mbedtls_ecp_point_read_binary( + const mbedtls_ecp_group *grp, + mbedtls_ecp_point *P, + const unsigned char *buf, size_t ilen) + + # mbedtls_ecp_tls_read_point + # mbedtls_ecp_tls_write_point + + int mbedtls_ecp_group_load( + mbedtls_ecp_group *grp, + mbedtls_ecp_group_id index) + + # mbedtls_ecp_tls_read_group + # mbedtls_ecp_tls_write_group + int mbedtls_ecp_mul( + mbedtls_ecp_group *grp, + mbedtls_ecp_point *R, + const _mpi.mbedtls_mpi *m, + const mbedtls_ecp_point *P, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) + # mbedtls_ecp_muladd + # mbedtls_ecp_check_pubkey + # mbedtls_ecp_check_privkey + + # mbedtls_ecp_keypair + # ------------------- + void mbedtls_ecp_keypair_init(mbedtls_ecp_keypair *key) + void mbedtls_ecp_keypair_free(mbedtls_ecp_keypair *key) + # mbedtls_ecp_gen_keypair_base + int mbedtls_ecp_gen_keypair( + mbedtls_ecp_group *grp, + _mpi.mbedtls_mpi *d, + mbedtls_ecp_point *Q, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) + # mbedtls_ecp_check_pub_priv + int mbedtls_ecp_gen_key( + mbedtls_ecp_group_id grp_id, + mbedtls_ecp_keypair *key, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) diff --git a/src/mbedtls/_md.pxd b/src/mbedtls/_md.pxd index 4e4aeed3..2edb3400 100644 --- a/src/mbedtls/_md.pxd +++ b/src/mbedtls/_md.pxd @@ -2,9 +2,6 @@ # Copyright (c) 2015, Elaborated Networks GmbH # Copyright (c) 2018, Mathias Laurin -"""Declarations from `mbedtls/md.h`.""" - - cdef extern from "mbedtls/md.h" nogil: ctypedef struct mbedtls_md_info_t: pass diff --git a/src/mbedtls/_platform.pxd b/src/mbedtls/_platform.pxd index de8b791d..ba809230 100644 --- a/src/mbedtls/_platform.pxd +++ b/src/mbedtls/_platform.pxd @@ -1,8 +1,6 @@ # SPDX-License-Identifier: MIT # Copyright (c) 2019, Mathias Laurin -"""Declarations from `mbedtls/platform*.h`.""" - cdef extern from "mbedtls/platform_util.h" nogil: void mbedtls_platform_zeroize(void *buf, size_t len) diff --git a/src/mbedtls/_random.pxd b/src/mbedtls/_random.pxd index 816e64d7..9e6bfd1e 100644 --- a/src/mbedtls/_random.pxd +++ b/src/mbedtls/_random.pxd @@ -2,9 +2,6 @@ # Copyright (c) 2016, Elaborated Networks GmbH # Copyright (c) 2019, Mathias Laurin -"""Declarations for `mbedtls/ctr_drbg.h`.""" - - cdef extern from "mbedtls/entropy.h" nogil: ctypedef struct mbedtls_entropy_context: pass diff --git a/src/mbedtls/_rsa.pxd b/src/mbedtls/_rsa.pxd new file mode 100644 index 00000000..3cb41638 --- /dev/null +++ b/src/mbedtls/_rsa.pxd @@ -0,0 +1,36 @@ +# SPDX-License-Identifier: MIT +# Copyright (c) 2016, Elaborated Networks GmbH +# Copyright (c) 2018, Mathias Laurin + +cdef extern from "mbedtls/rsa.h" nogil: + ctypedef struct mbedtls_rsa_context: + pass + + # mbedtls_rsa_context + # ------------------- + # mbedtls_rsa_init + # mbedtls_rsa_set_padding + int mbedtls_rsa_gen_key( + mbedtls_rsa_context *ctx, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, + unsigned int nbits, int exponent) + int mbedtls_rsa_check_pubkey(const mbedtls_rsa_context *ctx) + int mbedtls_rsa_check_privkey(const mbedtls_rsa_context *ctx) + # mbedtls_rsa_check_pub_priv + # mbedtls_rsa_public + # mbedtls_rsa_private + # mbedtls_rsa_pkcs1_encrypt + # mbedtls_rsa_rsaes_pkcs1_v15_encrypt + # mbedtls_rsa_rsaes_oaep_encrypt + # mbedtls_rsa_pkcs1_decrypt + # mbedtls_rsa_rsaes_pkcs1_v15_decrypt + # mbedtls_rsa_rsaes_oaep_decrypt + # mbedtls_rsa_pkcs1_sign + # mbedtls_rsa_rsassa_pkcs1_v15_sign + # mbedtls_rsa_rsassa_pss_sign + # mbedtls_rsa_pkcs1_verify + # mbedtls_rsa_rsassa_pkcs1_v15_verify + # mbedtls_rsa_rsassa_pss_verify + # mbedtls_rsa_rsassa_pss_verify_ext + # mbedtls_rsa_copy + # mbedtls_rsa_free diff --git a/src/mbedtls/_timing.pxd b/src/mbedtls/_timing.pxd new file mode 100644 index 00000000..886e484d --- /dev/null +++ b/src/mbedtls/_timing.pxd @@ -0,0 +1,27 @@ +# SPDX-License-Identifier: MIT +# Copyright (c) 2018, Mathias Laurin + +cdef extern from "mbedtls/timing.h" nogil: + # This provides callbacks for DTLS with blocking IO. + + ctypedef struct mbedtls_timing_hr_time: + pass + + ctypedef struct mbedtls_timing_delay_context: + mbedtls_timing_hr_time timer + int int_ms + int fin_ms + + # extern volatile int mbedtls_timing_alarmed + + # unsigned long mbedtls_timing_hardclock() + # unsigned long mbedtls_timing_get_timer( + # mbedtls_timing_hr_time *, + # int reset, + # ) + # void mbedtls_set_alarm(int seconds) + + # mbedtls_ssl_set_timer_t callback + void mbedtls_timing_set_delay(void *data, int int_ms, int fin_ms) + # mbedtls_ssl_get_timer_t callback + int mbedtls_timing_get_delay(void *data) diff --git a/src/mbedtls/_tls.pxd b/src/mbedtls/_tls.pxd index b7902d1f..d900c3df 100644 --- a/src/mbedtls/_tls.pxd +++ b/src/mbedtls/_tls.pxd @@ -1,10 +1,9 @@ # SPDX-License-Identifier: MIT # Copyright (c) 2018, Mathias Laurin -"""Declarations from `mbedtls/ssl.h`.""" - - +cimport mbedtls._ecdh as _ecdh cimport mbedtls._ringbuf as _rb +cimport mbedtls._timing as _timing cimport mbedtls.pk as _pk cimport mbedtls.x509 as _x509 @@ -69,36 +68,6 @@ cdef: MBEDTLS_ERR_SSL_BAD_INPUT_DATA = -0x7100 -cdef extern from "mbedtls/debug.h" nogil: - void mbedtls_debug_set_threshold(int threshold) - - -cdef extern from "mbedtls/timing.h" nogil: - # This provides callbacks for DTLS with blocking IO. - - ctypedef struct mbedtls_timing_hr_time: - pass - - ctypedef struct mbedtls_timing_delay_context: - mbedtls_timing_hr_time timer - int int_ms - int fin_ms - - # extern volatile int mbedtls_timing_alarmed - - # unsigned long mbedtls_timing_hardclock() - # unsigned long mbedtls_timing_get_timer( - # mbedtls_timing_hr_time *, - # int reset, - # ) - # void mbedtls_set_alarm(int seconds) - - # mbedtls_ssl_set_timer_t callback - void mbedtls_timing_set_delay(void *data, int int_ms, int fin_ms) - # mbedtls_ssl_get_timer_t callback - int mbedtls_timing_get_delay(void *data) - - cdef extern from "mbedtls/ssl_internal.h" nogil: ctypedef struct mbedtls_ssl_transform: pass @@ -108,7 +77,7 @@ cdef extern from "mbedtls/ssl_internal.h" nogil: int verify_sig_alg # Diffie-Hellman key exchange: # mbedtls_dhm_context dhm_ctx - _pk.mbedtls_ecdh_context ecdh_ctx + _ecdh.mbedtls_ecdh_context ecdh_ctx # EC-J-Pake (not very much used anymore) # mbedtls_ecjpake_context ecjpake_ctx mbedtls_ssl_key_cert *key_cert @@ -470,4 +439,4 @@ cdef class MbedTLSBuffer: cdef _rb.RingBuffer _c_input_buffer cdef _C_Buffers _c_buffers # DTLS only: - cdef mbedtls_timing_delay_context _timer + cdef _timing.mbedtls_timing_delay_context _timer diff --git a/src/mbedtls/_tls.pyx b/src/mbedtls/_tls.pyx index a1d4f1dd..20b0e67b 100644 --- a/src/mbedtls/_tls.pyx +++ b/src/mbedtls/_tls.pyx @@ -4,7 +4,9 @@ cimport libc.stdio as c_stdio from libc.stdlib cimport free, malloc +cimport mbedtls._debug as _debug cimport mbedtls._random as _rnd +cimport mbedtls._timing as _timing cimport mbedtls._tls as _tls cimport mbedtls.pk as _pk cimport mbedtls.x509 as _x509 @@ -125,7 +127,7 @@ cdef int _psk_cb( def _set_debug_level(int level): """Set debug level for logging.""" - _tls.mbedtls_debug_set_threshold(level) + _debug.mbedtls_debug_set_threshold(level) def __get_ciphersuite_name(ciphersuite_id): @@ -1003,8 +1005,8 @@ cdef class MbedTLSBuffer: _tls.mbedtls_ssl_set_timer_cb( &self._ctx, &self._timer, - _tls.mbedtls_timing_set_delay, - _tls.mbedtls_timing_get_delay) + _timing.mbedtls_timing_set_delay, + _timing.mbedtls_timing_get_delay) def __dealloc__(self): """Free and clear the internal structures of ctx.""" diff --git a/src/mbedtls/exceptions.pxd b/src/mbedtls/exceptions.pxd index c962d41f..b000ef31 100644 --- a/src/mbedtls/exceptions.pxd +++ b/src/mbedtls/exceptions.pxd @@ -1,8 +1,5 @@ # SPDX-License-Identifier: MIT # Copyright (c) 2018, Mathias Laurin -"""Declarations from `mbedtls/error.h`.""" - - cdef extern from "mbedtls/error.h" nogil: void mbedtls_strerror(int errnum, char *buffer, size_t buflen) diff --git a/src/mbedtls/hkdf.pxd b/src/mbedtls/hkdf.pxd index 2e1c1d8a..3a27201a 100644 --- a/src/mbedtls/hkdf.pxd +++ b/src/mbedtls/hkdf.pxd @@ -1,9 +1,6 @@ # SPDX-License-Identifier: MIT # Copyright (c) 2019, Mathias Laurin -"""Declarations from `mbedtls/hkdf.h`.""" - - cimport mbedtls._md as _md diff --git a/src/mbedtls/mpi.pxd b/src/mbedtls/mpi.pxd index 1d859930..ff88c14b 100644 --- a/src/mbedtls/mpi.pxd +++ b/src/mbedtls/mpi.pxd @@ -1,9 +1,6 @@ # SPDX-License-Identifier: MIT # Copyright (c) 2018, Mathias Laurin -"""Declaration from `mbedtls/bignum.h`.""" - - cdef extern from "mbedtls/bignum.h" nogil: int MBEDTLS_MPI_MAX_SIZE diff --git a/src/mbedtls/pk.pxd b/src/mbedtls/pk.pxd index 0a578123..214957e5 100644 --- a/src/mbedtls/pk.pxd +++ b/src/mbedtls/pk.pxd @@ -2,321 +2,14 @@ # Copyright (c) 2016, Elaborated Networks GmbH # Copyright (c) 2018, Mathias Laurin -"""Declarations for `mbedtls/pk.h`.""" - - +cimport mbedtls._dhm as _dhm +cimport mbedtls._ecdh as _ecdh +cimport mbedtls._ecp as _ecp cimport mbedtls._md as _md +cimport mbedtls._rsa as _rsa cimport mbedtls.mpi as _mpi -cdef extern from "mbedtls/dhm.h" nogil: - ctypedef struct mbedtls_dhm_context: - _mpi.mbedtls_mpi P - _mpi.mbedtls_mpi G - _mpi.mbedtls_mpi X - _mpi.mbedtls_mpi GX - _mpi.mbedtls_mpi GY - _mpi.mbedtls_mpi K - - void mbedtls_dhm_init(mbedtls_dhm_context *ctx) - void mbedtls_dhm_free(mbedtls_dhm_context *ctx) - - int mbedtls_dhm_make_params( - mbedtls_dhm_context *ctx, - int x_size, - unsigned char *output, size_t *olen, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) - int mbedtls_dhm_make_public( - mbedtls_dhm_context *ctx, - int x_size, - unsigned char *output, size_t olen, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) - - int mbedtls_dhm_read_params( - mbedtls_dhm_context *ctx, - unsigned char **p, - const unsigned char *end) - int mbedtls_dhm_read_public( - mbedtls_dhm_context *ctx, - const unsigned char *input, size_t ilen) - - int mbedtls_dhm_calc_secret( - mbedtls_dhm_context *ctx, - unsigned char *output, size_t output_size, size_t *olen, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) - - # int mbedtls_dhm_parse_dhm( - # mbedtls_dhm_context *dhm, - # const unsigned char *dhmin, size_t dhminlen) - # int mbedtls_dhm_parse_dhmfile( - # mbedtls_dhm_context *dhm, - # const char *path) - - -cdef extern from "mbedtls/ecp.h" nogil: - ctypedef enum mbedtls_ecp_group_id: - MBEDTLS_ECP_DP_NONE = 0, - MBEDTLS_ECP_DP_SECP192R1 - MBEDTLS_ECP_DP_SECP224R1 - MBEDTLS_ECP_DP_SECP256R1 - MBEDTLS_ECP_DP_SECP384R1 - MBEDTLS_ECP_DP_SECP521R1 - MBEDTLS_ECP_DP_BP256R1 - MBEDTLS_ECP_DP_BP384R1 - MBEDTLS_ECP_DP_BP512R1 - MBEDTLS_ECP_DP_CURVE25519 - MBEDTLS_ECP_DP_SECP192K1 - MBEDTLS_ECP_DP_SECP224K1 - MBEDTLS_ECP_DP_SECP256K1 - MBEDTLS_ECP_DP_CURVE448 - - ctypedef enum mbedtls_ecp_curve_type: - MBEDTLS_ECP_TYPE_NONE = 0 - MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS - MBEDTLS_ECP_TYPE_MONTGOMERY - - ctypedef struct mbedtls_ecp_curve_info: - mbedtls_ecp_group_id grp_id - int bit_size - const char *name - - ctypedef struct mbedtls_ecp_point: - _mpi.mbedtls_mpi X - _mpi.mbedtls_mpi Y - _mpi.mbedtls_mpi Z - - ctypedef struct mbedtls_ecp_group: - mbedtls_ecp_group_id id - _mpi.mbedtls_mpi P - _mpi.mbedtls_mpi A - _mpi.mbedtls_mpi B - mbedtls_ecp_point G - _mpi.mbedtls_mpi N - size_t pbits - size_t nbits - unsigned int h - int (*modp)(_mpi.mbedtls_mpi *) - int (*t_pre)(mbedtls_ecp_point *, void *) - int (*t_post)(mbedtls_ecp_point *, void *) - void *t_data - mbedtls_ecp_point *T - size_t T_size - - ctypedef struct mbedtls_ecp_keypair: - mbedtls_ecp_group grp - _mpi.mbedtls_mpi d - mbedtls_ecp_point Q - - int MBEDTLS_ECP_MAX_BYTES - int MBEDTLS_ECP_PF_UNCOMPRESSED - - # Free functions - # -------------- - const mbedtls_ecp_curve_info* mbedtls_ecp_curve_list() - # mbedtls_ecp_grp_id_list - # mbedtls_ecp_curve_info_from_grp_id - # mbedtls_ecp_curve_info_from_tls_id - # mbedtls_ecp_curve_info_from_name - mbedtls_ecp_curve_type mbedtls_ecp_get_type( - const mbedtls_ecp_group *grp - ) - - # mbedtls_ecp_point - # ----------------- - void mbedtls_ecp_point_init(mbedtls_ecp_point *pt) - void mbedtls_ecp_point_free(mbedtls_ecp_point *pt) - int mbedtls_ecp_copy( - mbedtls_ecp_point *P, - const mbedtls_ecp_point *Q) - # mbedtls_ecp_set_zero - int mbedtls_ecp_is_zero(mbedtls_ecp_point *pt) - int mbedtls_ecp_point_cmp( - const mbedtls_ecp_point *P, - const mbedtls_ecp_point *Q) - # mbedtls_ecp_point_read_string - - # mbedtls_ecp_group - # ----------------- - void mbedtls_ecp_group_init(mbedtls_ecp_group *grp) - void mbedtls_ecp_group_free(mbedtls_ecp_group *grp) - int mbedtls_ecp_group_copy( - mbedtls_ecp_group *dst, - const mbedtls_ecp_group *src) - - int mbedtls_ecp_point_write_binary( - const mbedtls_ecp_group *grp, - const mbedtls_ecp_point *P, - int format, size_t *olen, unsigned char *buf, size_t buflen) - int mbedtls_ecp_point_read_binary( - const mbedtls_ecp_group *grp, - mbedtls_ecp_point *P, - const unsigned char *buf, size_t ilen) - - # mbedtls_ecp_tls_read_point - # mbedtls_ecp_tls_write_point - - int mbedtls_ecp_group_load( - mbedtls_ecp_group *grp, - mbedtls_ecp_group_id index) - - # mbedtls_ecp_tls_read_group - # mbedtls_ecp_tls_write_group - int mbedtls_ecp_mul( - mbedtls_ecp_group *grp, - mbedtls_ecp_point *R, - const _mpi.mbedtls_mpi *m, - const mbedtls_ecp_point *P, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng) - # mbedtls_ecp_muladd - # mbedtls_ecp_check_pubkey - # mbedtls_ecp_check_privkey - - # mbedtls_ecp_keypair - # ------------------- - void mbedtls_ecp_keypair_init(mbedtls_ecp_keypair *key) - void mbedtls_ecp_keypair_free(mbedtls_ecp_keypair *key) - # mbedtls_ecp_gen_keypair_base - int mbedtls_ecp_gen_keypair( - mbedtls_ecp_group *grp, - _mpi.mbedtls_mpi *d, - mbedtls_ecp_point *Q, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng) - # mbedtls_ecp_check_pub_priv - int mbedtls_ecp_gen_key( - mbedtls_ecp_group_id grp_id, - mbedtls_ecp_keypair *key, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng) - - -cdef extern from "mbedtls/ecdh.h" nogil: - ctypedef enum mbedtls_ecdh_side: - MBEDTLS_ECDH_OURS - MBEDTLS_ECDH_THEIRS - - ctypedef struct mbedtls_ecdh_context: - mbedtls_ecp_group grp - _mpi.mbedtls_mpi d # private key - mbedtls_ecp_point Q # public key - mbedtls_ecp_point Qp # peer's public key - _mpi.mbedtls_mpi z # shared secret - - # mbedtls_ecp_group - # ----------------- - int mbedtls_ecdh_gen_public( - mbedtls_ecp_group *grp, - _mpi.mbedtls_mpi *d, - mbedtls_ecp_point *Q, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng) - int mbedtls_ecdh_compute_shared( - mbedtls_ecp_group *grp, - _mpi.mbedtls_mpi *z, - const mbedtls_ecp_point *Q, - const _mpi.mbedtls_mpi *d, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng) - - # mbedtls_ecdh_context - # -------------------- - void mbedtls_ecdh_init(mbedtls_ecdh_context *ctx) - void mbedtls_ecdh_free(mbedtls_ecdh_context *ctx) - - int mbedtls_ecdh_get_params( - mbedtls_ecdh_context *ctx, - const mbedtls_ecp_keypair *key, - mbedtls_ecdh_side side) - - int mbedtls_ecdh_make_params( - mbedtls_ecdh_context *ctx, - size_t *olen, unsigned char *buf, size_t blen, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) - int mbedtls_ecdh_make_public( - mbedtls_ecdh_context *ctx, - size_t *olen, unsigned char *buf, size_t blen, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) - - int mbedtls_ecdh_read_params( - mbedtls_ecdh_context *ctx, - const unsigned char **buf, const unsigned char *end) - int mbedtls_ecdh_read_public( - mbedtls_ecdh_context *ctx, - const unsigned char *buf, size_t blen) - - int mbedtls_ecdh_calc_secret( - mbedtls_ecdh_context *ctx, - size_t *olen, unsigned char *buf, size_t blen, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) - - -cdef extern from "mbedtls/ecdsa.h" nogil: - ctypedef struct mbedtls_ecdsa_context: - mbedtls_ecp_group grp - _mpi.mbedtls_mpi d - mbedtls_ecp_point Q - - int MBEDTLS_ECDSA_MAX_LEN - - # mbedtls_ecp_group - # ----------------- - # mbedtls_ecdsa_sign - # mbedtls_ecdsa_sign_det - # mbedtls_ecdsa_verify - - # mbedtls_ecdsa_context - # --------------------- - void mbedtls_ecdsa_init(mbedtls_ecdsa_context *ctx) - void mbedtls_ecdsa_free(mbedtls_ecdsa_context *ctx) - - int mbedtls_ecdsa_from_keypair( - mbedtls_ecdsa_context *ctx, - const mbedtls_ecp_keypair *key) - - # mbedtls_ecdsa_write_signature - # mbedtls_ecdsa_write_signature_det - # mbedtls_ecdsa_read_signature - - int mbedtls_ecdsa_genkey( - mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) - - -cdef extern from "mbedtls/rsa.h" nogil: - ctypedef struct mbedtls_rsa_context: - pass - - # mbedtls_rsa_context - # ------------------- - # mbedtls_rsa_init - # mbedtls_rsa_set_padding - int mbedtls_rsa_gen_key( - mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - unsigned int nbits, int exponent) - int mbedtls_rsa_check_pubkey(const mbedtls_rsa_context *ctx) - int mbedtls_rsa_check_privkey(const mbedtls_rsa_context *ctx) - # mbedtls_rsa_check_pub_priv - # mbedtls_rsa_public - # mbedtls_rsa_private - # mbedtls_rsa_pkcs1_encrypt - # mbedtls_rsa_rsaes_pkcs1_v15_encrypt - # mbedtls_rsa_rsaes_oaep_encrypt - # mbedtls_rsa_pkcs1_decrypt - # mbedtls_rsa_rsaes_pkcs1_v15_decrypt - # mbedtls_rsa_rsaes_oaep_decrypt - # mbedtls_rsa_pkcs1_sign - # mbedtls_rsa_rsassa_pkcs1_v15_sign - # mbedtls_rsa_rsassa_pss_sign - # mbedtls_rsa_pkcs1_verify - # mbedtls_rsa_rsassa_pkcs1_v15_verify - # mbedtls_rsa_rsassa_pss_verify - # mbedtls_rsa_rsassa_pss_verify_ext - # mbedtls_rsa_copy - # mbedtls_rsa_free - - cdef extern from "mbedtls/pk.h" nogil: ctypedef enum mbedtls_pk_type_t: MBEDTLS_PK_NONE=0 @@ -336,8 +29,8 @@ cdef extern from "mbedtls/pk.h" nogil: ctypedef struct mbedtls_pk_context: pass - mbedtls_rsa_context *mbedtls_pk_rsa(const mbedtls_pk_context pk) - mbedtls_ecp_keypair *mbedtls_pk_ec(const mbedtls_pk_context pk) + _rsa.mbedtls_rsa_context *mbedtls_pk_rsa(const mbedtls_pk_context pk) + _ecp.mbedtls_ecp_keypair *mbedtls_pk_ec(const mbedtls_pk_context pk) # RSA-alt function pointer types const mbedtls_pk_info_t *mbedtls_pk_info_from_type( mbedtls_pk_type_t pk_type) @@ -426,13 +119,13 @@ cdef class ECC(CipherBase): cdef class ECPoint: - cdef mbedtls_ecp_point _ctx + cdef _ecp.mbedtls_ecp_point _ctx cdef class DHBase: - cdef mbedtls_dhm_context _ctx + cdef _dhm.mbedtls_dhm_context _ctx cdef class ECDHBase: - cdef mbedtls_ecdh_context _ctx + cdef _ecdh.mbedtls_ecdh_context _ctx cdef curve diff --git a/src/mbedtls/pk.pyx b/src/mbedtls/pk.pyx index 6f9ceb3f..a893f5f8 100644 --- a/src/mbedtls/pk.pyx +++ b/src/mbedtls/pk.pyx @@ -19,7 +19,11 @@ Diffie-Hellman exchange. from libc.stdlib cimport free, malloc from libc.string cimport memset +cimport mbedtls._dhm as _dhm +cimport mbedtls._ecdh as _ecdh +cimport mbedtls._ecp as _ecp cimport mbedtls._random as _rnd +cimport mbedtls._rsa as _rsa cimport mbedtls.mpi as _mpi cimport mbedtls.pk as _pk @@ -86,8 +90,8 @@ RSA_PUB_DER_MAX_BYTES = 38 + 2 * _mpi.MBEDTLS_MPI_MAX_SIZE MPI_MAX_SIZE_2 = _mpi.MBEDTLS_MPI_MAX_SIZE // 2 + _mpi.MBEDTLS_MPI_MAX_SIZE % 2 RSA_PRV_DER_MAX_BYTES = 47 + 3 * _mpi.MBEDTLS_MPI_MAX_SIZE + 5 * MPI_MAX_SIZE_2 -ECP_PUB_DER_MAX_BYTES = 30 + 2 * _pk.MBEDTLS_ECP_MAX_BYTES -ECP_PRV_DER_MAX_BYTES = 29 + 3 * _pk.MBEDTLS_ECP_MAX_BYTES +ECP_PUB_DER_MAX_BYTES = 30 + 2 * _ecp.MBEDTLS_ECP_MAX_BYTES +ECP_PRV_DER_MAX_BYTES = 29 + 3 * _ecp.MBEDTLS_ECP_MAX_BYTES PUB_DER_MAX_BYTES = max(RSA_PUB_DER_MAX_BYTES, ECP_PUB_DER_MAX_BYTES) PRV_DER_MAX_BYTES = max(RSA_PRV_DER_MAX_BYTES, ECP_PRV_DER_MAX_BYTES) @@ -111,7 +115,7 @@ cpdef get_supported_ciphers(): def get_supported_curves(): """Return the list of supported curves in order of preference.""" - cdef const mbedtls_ecp_curve_info* info = _pk.mbedtls_ecp_curve_list() + cdef const _ecp.mbedtls_ecp_curve_info* info = _ecp.mbedtls_ecp_curve_list() names, idx = [], 0 while info[idx].name != NULL: names.append(Curve(bytes(info[idx].name))) @@ -120,7 +124,7 @@ def get_supported_curves(): cdef curve_name_to_grp_id(curve): - cdef const mbedtls_ecp_curve_info* info = _pk.mbedtls_ecp_curve_list() + cdef const _ecp.mbedtls_ecp_curve_info* info = _ecp.mbedtls_ecp_curve_list() idx = 0 while info[idx].name != NULL: if info[idx].name == curve: @@ -549,13 +553,13 @@ cdef class RSA(CipherBase): def _has_private(self): """Return `True` if the key contains a valid private half.""" - return _pk.mbedtls_rsa_check_privkey( + return _rsa.mbedtls_rsa_check_privkey( _pk.mbedtls_pk_rsa(self._ctx) ) == 0 def _has_public(self): """Return `True` if the key contains a valid public half.""" - return _pk.mbedtls_rsa_check_pubkey(_pk.mbedtls_pk_rsa(self._ctx)) == 0 + return _rsa.mbedtls_rsa_check_pubkey(_pk.mbedtls_pk_rsa(self._ctx)) == 0 def generate(self, unsigned int key_size=2048, int exponent=65537): """Generate an RSA keypair. @@ -568,7 +572,7 @@ cdef class RSA(CipherBase): (bytes): The private key in DER format. """ - _exc.check_error(_pk.mbedtls_rsa_gen_key( + _exc.check_error(_rsa.mbedtls_rsa_gen_key( _pk.mbedtls_pk_rsa(self._ctx), &_rnd.mbedtls_ctr_drbg_random, &__rng._ctx, key_size, exponent)) return self.export_key("DER") @@ -587,11 +591,11 @@ cdef class ECPoint: def __cinit__(self): """Initialize the context.""" - _pk.mbedtls_ecp_point_init(&self._ctx) + _ecp.mbedtls_ecp_point_init(&self._ctx) def __dealloc__(self): """Free and clear the context.""" - _pk.mbedtls_ecp_point_free(&self._ctx) + _ecp.mbedtls_ecp_point_free(&self._ctx) def __reduce__(self): return type(self), (self.x, self.y, self.z) @@ -632,17 +636,17 @@ cdef class ECPoint: def __eq__(self, other): if other == 0: - return _pk.mbedtls_ecp_is_zero(&self._ctx) == 1 + return _ecp.mbedtls_ecp_is_zero(&self._ctx) == 1 elif type(other) is type(self): c_other = other - return _pk.mbedtls_ecp_point_cmp(&self._ctx, &c_other._ctx) == 0 + return _ecp.mbedtls_ecp_point_cmp(&self._ctx, &c_other._ctx) == 0 return NotImplemented def __hash__(self): return hash((self.x, self.y, self.z)) def __bool__(self): - return _pk.mbedtls_ecp_is_zero(&self._ctx) == 0 + return _ecp.mbedtls_ecp_is_zero(&self._ctx) == 0 cdef class ECC(CipherBase): @@ -671,13 +675,13 @@ cdef class ECC(CipherBase): def _has_private(self): """Return `True` if the key contains a valid private half.""" - cdef const mbedtls_ecp_keypair* ecp = _pk.mbedtls_pk_ec(self._ctx) + cdef const _ecp.mbedtls_ecp_keypair* ecp = _pk.mbedtls_pk_ec(self._ctx) return _mpi.mbedtls_mpi_cmp_mpi(&ecp.d, &_mpi.MPI()._ctx) != 0 def _has_public(self): """Return `True` if the key contains a valid public half.""" - cdef mbedtls_ecp_keypair* ecp = _pk.mbedtls_pk_ec(self._ctx) - return not _pk.mbedtls_ecp_is_zero(&ecp.Q) + cdef _ecp.mbedtls_ecp_keypair* ecp = _pk.mbedtls_pk_ec(self._ctx) + return not _ecp.mbedtls_ecp_is_zero(&ecp.Q) def sign(self, const unsigned char[:] message not None, @@ -696,7 +700,7 @@ cdef class ECC(CipherBase): grp_id = curve_name_to_grp_id(self.curve) if grp_id is None: raise ValueError(self.curve) - _exc.check_error(_pk.mbedtls_ecp_gen_key( + _exc.check_error(_ecp.mbedtls_ecp_gen_key( grp_id, _pk.mbedtls_pk_ec(self._ctx), &_rnd.mbedtls_ctr_drbg_random, &__rng._ctx)) format = ( @@ -737,7 +741,7 @@ cdef class ECC(CipherBase): def _public_to_point(self): point = ECPoint(0, 0, 0) - _pk.mbedtls_ecp_copy(&point._ctx, &_pk.mbedtls_pk_ec(self._ctx).Q) + _ecp.mbedtls_ecp_copy(&point._ctx, &_pk.mbedtls_pk_ec(self._ctx).Q) return point def export_public_key(self, format="DER"): @@ -779,11 +783,11 @@ cdef class DHBase: def __cinit__(self): """Initialize the context.""" - _pk.mbedtls_dhm_init(&self._ctx) + _dhm.mbedtls_dhm_init(&self._ctx) def __dealloc__(self): """Free and clear the context.""" - _pk.mbedtls_dhm_free(&self._ctx) + _dhm.mbedtls_dhm_free(&self._ctx) def __getstate__(self): raise TypeError(f"cannot pickle {self.__class__.__name__!r} object") @@ -829,7 +833,7 @@ cdef class DHBase: if not output: raise MemoryError() try: - _exc.check_error(mbedtls_dhm_calc_secret( + _exc.check_error(_dhm.mbedtls_dhm_calc_secret( &self._ctx, &output[0], _mpi.MBEDTLS_MPI_MAX_SIZE, &olen, &_rnd.mbedtls_ctr_drbg_random, &__rng._ctx)) mpi = _mpi.MPI() @@ -856,7 +860,7 @@ cdef class DHServer(DHBase): if not output: raise MemoryError() try: - _exc.check_error(_pk.mbedtls_dhm_make_params( + _exc.check_error(_dhm.mbedtls_dhm_make_params( &self._ctx, self.key_size, &output[0], &olen, &_rnd.mbedtls_ctr_drbg_random, &__rng._ctx)) assert olen != 0 @@ -868,7 +872,7 @@ cdef class DHServer(DHBase): """Read the ClientKeyExchange payload.""" if buffer.size == 0: buffer = b"\0" - _exc.check_error(_pk.mbedtls_dhm_read_public( + _exc.check_error(_dhm.mbedtls_dhm_read_public( &self._ctx, &buffer[0], buffer.size)) @@ -889,7 +893,7 @@ cdef class DHClient(DHBase): if not output: raise MemoryError() try: - _exc.check_error(_pk.mbedtls_dhm_make_public( + _exc.check_error(_dhm.mbedtls_dhm_make_public( &self._ctx, self.key_size, &output[0], self.key_size, &_rnd.mbedtls_ctr_drbg_random, &__rng._ctx)) mpi = _mpi.from_mpi_p(&self._ctx.GX) @@ -906,7 +910,7 @@ cdef class DHClient(DHBase): # a read-only index in `dhm_read_bignum()`. cdef unsigned char* first = &buffer[0] cdef const unsigned char* end = &buffer[-1] + 1 - _exc.check_error(_pk.mbedtls_dhm_read_params(&self._ctx, &first, end)) + _exc.check_error(_dhm.mbedtls_dhm_read_params(&self._ctx, &first, end)) cdef class ECDHBase: @@ -926,16 +930,16 @@ cdef class ECDHBase: if curve is None: curve = get_supported_curves()[0] self.curve = Curve(curve) - _exc.check_error(mbedtls_ecp_group_load( + _exc.check_error(_ecp.mbedtls_ecp_group_load( &self._ctx.grp, curve_name_to_grp_id(self.curve))) def __cinit__(self): """Initialize the context.""" - _pk.mbedtls_ecdh_init(&self._ctx) + _ecdh.mbedtls_ecdh_init(&self._ctx) def __dealloc__(self): """Free and clear the context.""" - _pk.mbedtls_ecdh_free(&self._ctx) + _ecdh.mbedtls_ecdh_free(&self._ctx) def __getstate__(self): raise TypeError(f"cannot pickle {self.__class__.__name__!r} object") @@ -946,22 +950,22 @@ cdef class ECDHBase: def _has_public(self): """Return `True` if the key contains a valid public half.""" - return not _pk.mbedtls_ecp_is_zero(&self._ctx.Q) + return not _ecp.mbedtls_ecp_is_zero(&self._ctx.Q) def _has_peers_public(self): """Return `True` if the peer's key is present.""" - return not _pk.mbedtls_ecp_is_zero(&self._ctx.Qp) + return not _ecp.mbedtls_ecp_is_zero(&self._ctx.Qp) @property def public_key(self): """The public key (ECPoint)""" ecp = ECPoint(0, 0, 0) - _exc.check_error(_pk.mbedtls_ecp_copy(&ecp._ctx, &self._ctx.Q)) + _exc.check_error(_ecp.mbedtls_ecp_copy(&ecp._ctx, &self._ctx.Q)) return ecp @public_key.setter def public_key(self, ECPoint ecp): - _exc.check_error(_pk.mbedtls_ecp_copy(&self._ctx.Q, &ecp._ctx)) + _exc.check_error(_ecp.mbedtls_ecp_copy(&self._ctx.Q, &ecp._ctx)) @property def private_key(self): @@ -977,12 +981,12 @@ cdef class ECDHBase: def peers_public_key(self): """Peer's public key (ECPoint)""" ecp = ECPoint(0, 0, 0) - _exc.check_error(_pk.mbedtls_ecp_copy(&ecp._ctx, &self._ctx.Qp)) + _exc.check_error(_ecp.mbedtls_ecp_copy(&ecp._ctx, &self._ctx.Qp)) return ecp @peers_public_key.setter def peers_public_key(self, ECPoint ecp): - _exc.check_error(_pk.mbedtls_ecp_copy(&self._ctx.Qp, &ecp._ctx)) + _exc.check_error(_ecp.mbedtls_ecp_copy(&self._ctx.Qp, &ecp._ctx)) @property def shared_secret(self): @@ -1005,12 +1009,12 @@ cdef class ECDHBase: if not output: raise MemoryError() try: - _exc.check_error(mbedtls_ecdh_calc_secret( + _exc.check_error(_ecdh.mbedtls_ecdh_calc_secret( &self._ctx, &olen, &output[0], _mpi.MBEDTLS_MPI_MAX_SIZE, &_rnd.mbedtls_ctr_drbg_random, &__rng._ctx)) assert olen != 0 - curve_type = _pk.mbedtls_ecp_get_type(&self._ctx.grp) - if curve_type == _pk.MBEDTLS_ECP_TYPE_MONTGOMERY: + curve_type = _ecp.mbedtls_ecp_get_type(&self._ctx.grp) + if curve_type == _ecp.MBEDTLS_ECP_TYPE_MONTGOMERY: _mpi.mbedtls_mpi_read_binary_le(&mpi._ctx, &output[0], olen) else: _mpi.mbedtls_mpi_read_binary(&mpi._ctx, &output[0], olen) @@ -1020,7 +1024,7 @@ cdef class ECDHBase: def generate_public_key(self): """Generate public key from a private key.""" - _exc.check_error(_pk.mbedtls_ecp_mul( + _exc.check_error(_ecp.mbedtls_ecp_mul( &self._ctx.grp, &self._ctx.Q, &self._ctx.d, &self._ctx.grp.G, &_rnd.mbedtls_ctr_drbg_random, &__rng._ctx)) @@ -1032,8 +1036,8 @@ cdef class ECDHServer(ECDHBase): def __init__(self, ecc: ECC): super().__init__(ecc.curve) if ecc.export_key(): - _exc.check_error(_pk.mbedtls_ecdh_get_params( - &self._ctx, _pk.mbedtls_pk_ec(ecc._ctx), MBEDTLS_ECDH_OURS)) + _exc.check_error(_ecdh.mbedtls_ecdh_get_params( + &self._ctx, _pk.mbedtls_pk_ec(ecc._ctx), _ecdh.MBEDTLS_ECDH_OURS)) def generate(self): """Generate a public key. @@ -1048,7 +1052,7 @@ cdef class ECDHServer(ECDHBase): if not output: raise MemoryError() try: - _exc.check_error(_pk.mbedtls_ecdh_make_params( + _exc.check_error(_ecdh.mbedtls_ecdh_make_params( &self._ctx, &olen, &output[0], _mpi.MBEDTLS_MPI_MAX_SIZE, &_rnd.mbedtls_ctr_drbg_random, &__rng._ctx)) assert olen != 0 @@ -1060,7 +1064,7 @@ cdef class ECDHServer(ECDHBase): """Read the ClientKeyExchange payload.""" if buffer.size == 0: buffer = b"\0" - _exc.check_error(_pk.mbedtls_ecdh_read_public( + _exc.check_error(_ecdh.mbedtls_ecdh_read_public( &self._ctx, &buffer[0], buffer.size)) @@ -1071,8 +1075,8 @@ cdef class ECDHClient(ECDHBase): def __init__(self, ecc: ECC): super().__init__(ecc.curve) if ecc.export_key(): - _exc.check_error(_pk.mbedtls_ecdh_get_params( - &self._ctx, _pk.mbedtls_pk_ec(ecc._ctx), MBEDTLS_ECDH_THEIRS)) + _exc.check_error(_ecdh.mbedtls_ecdh_get_params( + &self._ctx, _pk.mbedtls_pk_ec(ecc._ctx), _ecdh.MBEDTLS_ECDH_THEIRS)) def generate(self): """Generate a public key. @@ -1087,7 +1091,7 @@ cdef class ECDHClient(ECDHBase): if not output: raise MemoryError() try: - _exc.check_error(_pk.mbedtls_ecdh_make_public( + _exc.check_error(_ecdh.mbedtls_ecdh_make_public( &self._ctx, &olen, &output[0], _mpi.MBEDTLS_MPI_MAX_SIZE, &_rnd.mbedtls_ctr_drbg_random, &__rng._ctx)) assert olen != 0 @@ -1101,7 +1105,7 @@ cdef class ECDHClient(ECDHBase): buffer = b"\0" cdef const unsigned char* first = &buffer[0] cdef const unsigned char* end = &buffer[-1] + 1 - _exc.check_error(_pk.mbedtls_ecdh_read_params( + _exc.check_error(_ecdh.mbedtls_ecdh_read_params( &self._ctx, &first, end)) @@ -1124,7 +1128,7 @@ cdef class ECDHNaive(ECDHBase): ECPoint: public key. """ - _exc.check_error(_pk.mbedtls_ecdh_gen_public( + _exc.check_error(_ecdh.mbedtls_ecdh_gen_public( &self._ctx.grp, &self._ctx.d, &self._ctx.Q, &_rnd.mbedtls_ctr_drbg_random, &__rng._ctx)) return self.public_key @@ -1134,11 +1138,11 @@ cdef class ECDHNaive(ECDHBase): def import_peers_public(self, _pk.ECPoint pubkey): """Read peer public key.""" - _exc.check_error(_pk.mbedtls_ecp_copy(&self._ctx.Qp, &pubkey._ctx)) + _exc.check_error(_ecp.mbedtls_ecp_copy(&self._ctx.Qp, &pubkey._ctx)) def generate_secret(self): """Generate the shared secret.""" - _exc.check_error(_pk.mbedtls_ecdh_compute_shared( + _exc.check_error(_ecdh.mbedtls_ecdh_compute_shared( &self._ctx.grp, &self._ctx.z, &self._ctx.Qp, &self._ctx.d, &_rnd.mbedtls_ctr_drbg_random, &__rng._ctx)) return _mpi.from_mpi_p(&self._ctx.z) diff --git a/src/mbedtls/version.pxd b/src/mbedtls/version.pxd index 78f9150a..ba1bdd06 100644 --- a/src/mbedtls/version.pxd +++ b/src/mbedtls/version.pxd @@ -1,9 +1,6 @@ # SPDX-License-Identifier: MIT # Copyright (c) 2019, Mathias Laurin -"""Declarations from `mbedtls/version.h`.""" - - cdef extern from "mbedtls/version.h" nogil: unsigned int mbedtls_version_get_number() # void mbedtls_version_get_string(char *string) diff --git a/src/mbedtls/x509.pxd b/src/mbedtls/x509.pxd index 3eb2da52..2c344a95 100644 --- a/src/mbedtls/x509.pxd +++ b/src/mbedtls/x509.pxd @@ -10,30 +10,16 @@ """ +cimport mbedtls._asn1 as _asn1 cimport mbedtls._md as _md cimport mbedtls.mpi as _mpi cimport mbedtls.pk as _pk -cdef extern from "mbedtls/asn1.h" nogil: - cdef struct mbedtls_asn1_buf: - int tag - size_t len - unsigned char *p - cdef struct mbedtls_asn1_sequence: - mbedtls_asn1_buf buf - mbedtls_asn1_sequence *next - cdef struct mbedtls_asn1_named_data: - mbedtls_asn1_buf oid - mbedtls_asn1_buf val - mbedtls_asn1_named_data *next - unsigned char next_merged - - cdef extern from "mbedtls/x509.h" nogil: - ctypedef mbedtls_asn1_buf mbedtls_x509_buf - ctypedef mbedtls_asn1_named_data mbedtls_x509_name - ctypedef mbedtls_asn1_sequence mbedtls_x509_sequence + ctypedef _asn1.mbedtls_asn1_buf mbedtls_x509_buf + ctypedef _asn1.mbedtls_asn1_named_data mbedtls_x509_name + ctypedef _asn1.mbedtls_asn1_sequence mbedtls_x509_sequence int mbedtls_x509_dn_gets( char *buf, size_t size, const mbedtls_x509_name *dn) cdef struct mbedtls_x509_time: