diff options
author | Rob Austein <sra@hactrn.net> | 2022-01-04 09:12:47 -0500 |
---|---|---|
committer | Rob Austein <sra@hactrn.net> | 2022-01-04 09:12:47 -0500 |
commit | 6f0d8236b8622a68f42284ed1314d8acd86c89ed (patch) | |
tree | 1e0605d51d81fb87518eae0339576382e00fce0f /cryptech/libhal.py | |
parent | f8c3655b7af461555b89f7394c396b7ed7a267ee (diff) |
PyCrypto is no longer present in Debian Bullseye and is abandonware in
anycase. PyCryptodome is about 98% of a drop-in replacement (but that
last 2% can be tricky), so convert the most critical stuff to use
PyCryptodome.
A bunch of the test scripts and so forth still need to be converted,
for today the goals are just to have the package install properly and
to be able to run the unit tests.
Diffstat (limited to 'cryptech/libhal.py')
-rw-r--r-- | cryptech/libhal.py | 27 |
1 files changed, 17 insertions, 10 deletions
diff --git a/cryptech/libhal.py b/cryptech/libhal.py index 102e663..105dd02 100644 --- a/cryptech/libhal.py +++ b/cryptech/libhal.py @@ -347,7 +347,8 @@ class LocalDigest(object): """ def __init__(self, hsm, handle, algorithm, key): - from Crypto.Hash import HMAC, SHA, SHA224, SHA256, SHA384, SHA512 + from Cryptodome.Hash import HMAC, SHA1, SHA224, SHA256, SHA384, SHA512 + from Cryptodome.Util.asn1 import DerObjectId from struct import pack self.hsm = hsm self.handle = handle @@ -356,16 +357,22 @@ class LocalDigest(object): h = self._algorithms[algorithm] except AttributeError: self._algorithms = { - HAL_DIGEST_ALGORITHM_SHA1 : SHA.SHA1Hash, - HAL_DIGEST_ALGORITHM_SHA224 : SHA224.SHA224Hash, - HAL_DIGEST_ALGORITHM_SHA256 : SHA256.SHA256Hash, - HAL_DIGEST_ALGORITHM_SHA384 : SHA384.SHA384Hash, - HAL_DIGEST_ALGORITHM_SHA512 : SHA512.SHA512Hash + HAL_DIGEST_ALGORITHM_SHA1 : SHA1, + HAL_DIGEST_ALGORITHM_SHA224 : SHA224, + HAL_DIGEST_ALGORITHM_SHA256 : SHA256, + HAL_DIGEST_ALGORITHM_SHA384 : SHA384, + HAL_DIGEST_ALGORITHM_SHA512 : SHA512 } h = self._algorithms[algorithm] self.digest_length = h.digest_size - self.algorithm_id = pack("BB", 0x30, 2 + len(h.oid)) + h.oid - self._context = HMAC.HMAC(key = key, digestmod = h) if key else h() + if key: + self._context = HMAC.new(key = key, digestmod = h) + oid = h.new().oid + else: + self._context = h.new() + oid = self._context.oid + self.oid = DerObjectId(oid).encode() + self.algorithm_id = pack("BB", 0x30, 2 + len(self.oid)) + self.oid def update(self, data): self._context.update(data) @@ -377,8 +384,8 @@ class LocalDigest(object): if pkey.key_type not in (HAL_KEY_TYPE_RSA_PRIVATE, HAL_KEY_TYPE_RSA_PUBLIC): return self.finalize() # PKCS #1.5 requires the digest to be wrapped up in an ASN.1 DigestInfo object. - from Crypto.Util.asn1 import DerSequence, DerNull, DerOctetString - return DerSequence([DerSequence([self._context.oid, DerNull().encode()]).encode(), + from Cryptodome.Util.asn1 import DerSequence, DerNull, DerOctetString + return DerSequence([DerSequence([self.oid, DerNull().encode()]).encode(), DerOctetString(self.finalize()).encode()]).encode() |