authorRob Austein <sra@hactrn.net>2022-01-04 09:12:47 -0500
committerRob Austein <sra@hactrn.net>2022-01-04 09:12:47 -0500
commit6f0d8236b8622a68f42284ed1314d8acd86c89ed (patch)
tree1e0605d51d81fb87518eae0339576382e00fce0f /cryptech/libhal.py
parentf8c3655b7af461555b89f7394c396b7ed7a267ee (diff)
Replace old PyCrypto with PyCryptodomeHEADmaster
PyCrypto is no longer present in Debian Bullseye and is abandonware in any case. PyCryptodome is about 98% of a drop-in replacement (but that last 2% can be tricky), so convert the most critical stuff to use PyCryptodome. A bunch of the test scripts and so forth still need to be converted; for today the goals are just to have the package install properly and to be able to run the unit tests.
Diffstat (limited to 'cryptech/libhal.py')
-rw-r--r--cryptech/libhal.py27
1 files changed, 17 insertions, 10 deletions
diff --git a/cryptech/libhal.py b/cryptech/libhal.py
index 102e663..105dd02 100644
--- a/cryptech/libhal.py
+++ b/cryptech/libhal.py
@@ -347,7 +347,8 @@ class LocalDigest(object):
"""
def __init__(self, hsm, handle, algorithm, key):
- from Crypto.Hash import HMAC, SHA, SHA224, SHA256, SHA384, SHA512
+ from Cryptodome.Hash import HMAC, SHA1, SHA224, SHA256, SHA384, SHA512
+ from Cryptodome.Util.asn1 import DerObjectId
from struct import pack
self.hsm = hsm
self.handle = handle
@@ -356,16 +357,22 @@ class LocalDigest(object):
h = self._algorithms[algorithm]
except AttributeError:
self._algorithms = {
- HAL_DIGEST_ALGORITHM_SHA1 : SHA.SHA1Hash,
- HAL_DIGEST_ALGORITHM_SHA224 : SHA224.SHA224Hash,
- HAL_DIGEST_ALGORITHM_SHA256 : SHA256.SHA256Hash,
- HAL_DIGEST_ALGORITHM_SHA384 : SHA384.SHA384Hash,
- HAL_DIGEST_ALGORITHM_SHA512 : SHA512.SHA512Hash
+ HAL_DIGEST_ALGORITHM_SHA1 : SHA1,
+ HAL_DIGEST_ALGORITHM_SHA224 : SHA224,
+ HAL_DIGEST_ALGORITHM_SHA256 : SHA256,
+ HAL_DIGEST_ALGORITHM_SHA384 : SHA384,
+ HAL_DIGEST_ALGORITHM_SHA512 : SHA512
}
h = self._algorithms[algorithm]
self.digest_length = h.digest_size
- self.algorithm_id = pack("BB", 0x30, 2 + len(h.oid)) + h.oid
- self._context = HMAC.HMAC(key = key, digestmod = h) if key else h()
+ if key:
+ self._context = HMAC.new(key = key, digestmod = h)
+ oid = h.new().oid
+ else:
+ self._context = h.new()
+ oid = self._context.oid
+ self.oid = DerObjectId(oid).encode()
+ self.algorithm_id = pack("BB", 0x30, 2 + len(self.oid)) + self.oid
def update(self, data):
self._context.update(data)
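Review bot: The added `self.algorithm_id` line declares a SEQUENCE length of `2 + len(self.oid)` but appends only the encoded OID, so the two extra bytes the length accounts for (presumably the NULL parameters, `05 00`) are never emitted and the value is truncated DER unless a consumer appends them. The replaced line had the same shape, so this is carried over rather than introduced. Building it as the DigestInfo code in the last hunk does, `self.algorithm_id = DerSequence([self.oid, DerNull().encode()]).encode()` with `DerSequence` and `DerNull` added to the asn1 import, would keep length and content in step. Separately, `if key:` treats a zero-length key the same as no key and silently selects the plain digest rather than an HMAC; if empty is the intended "no key" value, a comment such as `# empty key selects the unkeyed digest, not HMAC` would make that explicit. `__init__` begins above this hunk.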
@@ -377,8 +384,8 @@ class LocalDigest(object):
if pkey.key_type not in (HAL_KEY_TYPE_RSA_PRIVATE, HAL_KEY_TYPE_RSA_PUBLIC):
return self.finalize()
# PKCS #1.5 requires the digest to be wrapped up in an ASN.1 DigestInfo object.
- from Crypto.Util.asn1 import DerSequence, DerNull, DerOctetString
- return DerSequence([DerSequence([self._context.oid, DerNull().encode()]).encode(),
+ from Cryptodome.Util.asn1 import DerSequence, DerNull, DerOctetString
+ return DerSequence([DerSequence([self.oid, DerNull().encode()]).encode(),
DerOctetString(self.finalize()).encode()]).encode()
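Review bot: `self.oid` in the rewritten `DerSequence` call is the DER-encoded OID stored by `__init__`, not the dotted-string form that `_context.oid` appears to hold under PyCryptodome, and nothing at this call site says so. The DigestInfo is only well-formed while that attribute stays pre-encoded, so a name like `self._oid_der`, or a comment `# self.oid is already DER-encoded by __init__`, would guard against a later change passing the string form. The context comment could also read `PKCS #1 v1.5` rather than `PKCS #1.5`. The enclosing method starts above this hunk.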