Replace old PyCrypto with PyCryptodomeHEAD master

PyCrypto is no longer present in Debian Bullseye and is abandonware in anycase. PyCryptodome is about 98% of a drop-in replacement (but that last 2% can be tricky), so convert the most critical stuff to use PyCryptodome. A bunch of the test scripts and so forth still need to be converted, for today the goals are just to have the package install properly and to be able to run the unit tests.
author: Rob Austein <sra@hactrn.net> 2022-01-04 09:12:47 -0500
committer: Rob Austein <sra@hactrn.net> 2022-01-04 09:12:47 -0500
commit: 6f0d8236b8622a68f42284ed1314d8acd86c89ed (patch)
tree: 1e0605d51d81fb87518eae0339576382e00fce0f /cryptech_backup
parent: f8c3655b7af461555b89f7394c396b7ed7a267ee (diff)
1 files changed, 8 insertions, 8 deletions
diff --git a/cryptech_backup b/cryptech_backup
index a15c9c0..99d2c38 100755
--- a/cryptech_backup
+++ b/cryptech_backup
@@ -21,7 +21,7 @@ We also implement a software-based variant on this backup mechanism,
 for cases where there is no second HSM.  The protocol is much the
 same, but the KEKEK is generated in software and encrypted using a
 symmetric key derived from a passphrase using PBKDF2.  This requires
-the PyCrypto library, and is only as secure as memory on the machine
+the PyCryptodome library, and is only as secure as memory on the machine
 where you're running it (so it's theoretically vulnerable to root or
 anybody with access to /dev/mem).  Don't use this mode unless you
 understand the risks, and see the "NOTE WELL" above.
@@ -305,7 +305,7 @@ class AESKeyWrapWithPadding(object):
         "Something went wrong during unwrap."
 
     def __init__(self, key):
-        from Crypto.Cipher import AES
+        from Cryptodome.Cipher import AES
         self.ctx = AES.new(key, AES.MODE_ECB)
 
     def _encrypt(self, b1, b2):
@@ -391,7 +391,7 @@ class SoftKEKEK(object):
         time.clock = time.process_time
 
     def parse_EncryptedPrivateKeyInfo(self, der):
-        from Crypto.Util.asn1 import DerObject, DerSequence, DerOctetString, DerObjectId
+        from Cryptodome.Util.asn1 import DerObject, DerSequence, DerOctetString, DerObjectId
         encryptedPrivateKeyInfo = DerSequence()
         encryptedPrivateKeyInfo.decode(der)
         encryptionAlgorithm = DerSequence()
@@ -405,7 +405,7 @@ class SoftKEKEK(object):
         return encryptedData.payload
 
     def encode_EncryptedPrivateKeyInfo(self, der):
-        from Crypto.Util.asn1 import DerSequence, DerOctetString
+        from Cryptodome.Util.asn1 import DerSequence, DerOctetString
         return DerSequence([
             DerSequence([
                 struct.pack("BB", 0x06, len(self.oid_aesKeyWrap)) + self.oid_aesKeyWrap
@@ -414,12 +414,12 @@ class SoftKEKEK(object):
         ]).encode()
 
     def gen_salt(self, bytes = 16):
-        from Crypto import Random
+        from Cryptodome import Random
         return Random.new().read(bytes)
 
     def wrapper(self, salt, keylen = 256, iterations = 8000):
-        from Crypto.Protocol.KDF import PBKDF2
-        from Crypto.Hash         import SHA256, HMAC
+        from Cryptodome.Protocol.KDF import PBKDF2
+        from Cryptodome.Hash         import SHA256, HMAC
         return AESKeyWrapWithPadding(PBKDF2(
             password = getpass.getpass("KEKEK Passphrase: "),
             salt     = salt,
@@ -433,7 +433,7 @@ class SoftKEKEK(object):
 
     @classmethod
     def generate(cls, args, result):
-        from Crypto.PublicKey import RSA
+        from Cryptodome.PublicKey import RSA
         self = cls()
         k = RSA.generate(args.keylen)
         salt  = self.gen_salt()
author	Rob Austein <sra@hactrn.net>	2022-01-04 09:12:47 -0500
committer	Rob Austein <sra@hactrn.net>	2022-01-04 09:12:47 -0500
commit	6f0d8236b8622a68f42284ed1314d8acd86c89ed (patch)
tree	1e0605d51d81fb87518eae0339576382e00fce0f /cryptech_backup
parent	f8c3655b7af461555b89f7394c396b7ed7a267ee (diff)