Replace old PyCrypto with PyCryptodomeHEADmaster

PyCrypto is no longer present in Debian Bullseye and is abandonware in
anycase.  PyCryptodome is about 98% of a drop-in replacement (but that
last 2% can be tricky), so convert the most critical stuff to use
PyCryptodome.

A bunch of the test scripts and so forth still need to be converted,
for today the goals are just to have the package install properly and
to be able to run the unit tests.

1 files changed, 35 insertions, 37 deletions

diff --git a/unit-tests.py b/unit-tests.py
index 526379c..bdb6f77 100644
--- a/unit-tests.py
+++ b/unit-tests.py
@@ -49,19 +49,17 @@ from struct import pack, unpack
 from cryptech.libhal import *
 
 try:
-    from Crypto.Util.number             import inverse
-    from Crypto.PublicKey               import RSA
-    from Crypto.Cipher                  import AES
-    from Crypto.Cipher.PKCS1_v1_5       import PKCS115_Cipher
-    from Crypto.Signature.PKCS1_v1_5    import PKCS115_SigScheme
-    from Crypto.Hash.SHA256             import SHA256Hash as SHA256
-    from Crypto.Hash.SHA384             import SHA384Hash as SHA384
-    from Crypto.Hash.SHA512             import SHA512Hash as SHA512
+    from Cryptodome.Util.number             import inverse
+    from Cryptodome.PublicKey               import RSA
+    from Cryptodome.Cipher                  import AES, PKCS1_v1_5
+    from Cryptodome.Signature               import pkcs1_15
+    from Cryptodome.Hash.SHA256             import new as SHA256
+    from Cryptodome.Hash.SHA384             import new as SHA384
+    from Cryptodome.Hash.SHA512             import new as SHA512
     pycrypto_loaded = True
 except ImportError:
     pycrypto_loaded = False
 
-
 try:
     from ecdsa                          import der as ECDSA_DER
     from ecdsa.keys                     import SigningKey as ECDSA_SigningKey
@@ -998,15 +996,15 @@ class TestPKeyHashing(TestCaseLoggedIn):
         k1.verify(signature = sig, hash = self.h(alg, mixed_mode = True))
         k2.verify(signature = sig, hash = self.h(alg, mixed_mode = True))
 
-    @unittest.skipUnless(pycrypto_loaded, "Requires Python Crypto package")
+    @unittest.skipUnless(pycrypto_loaded, "Requires Python Cryptodome package")
     def test_load_sign_verify_rsa_1024_sha256_data(self):
         self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA256, 1024, self.sign_verify_data)
 
-    @unittest.skipUnless(pycrypto_loaded, "Requires Python Crypto package")
+    @unittest.skipUnless(pycrypto_loaded, "Requires Python Cryptodome package")
     def test_load_sign_verify_rsa_2048_sha384_data(self):
         self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA384, 2048, self.sign_verify_data)
 
-    @unittest.skipUnless(pycrypto_loaded, "Requires Python Crypto package")
+    @unittest.skipUnless(pycrypto_loaded, "Requires Python Cryptodome package")
     def test_load_sign_verify_rsa_4096_sha512_data(self):
         self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA512, 4096, self.sign_verify_data)
 
@@ -1022,15 +1020,15 @@ class TestPKeyHashing(TestCaseLoggedIn):
     def test_load_sign_verify_ecdsa_p521_sha512_data(self):
         self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA512, HAL_CURVE_P521, self.sign_verify_data)
 
-    @unittest.skipUnless(pycrypto_loaded, "Requires Python Crypto package")
+    @unittest.skipUnless(pycrypto_loaded, "Requires Python Cryptodome package")
     def test_load_sign_verify_rsa_1024_sha256_remote_remote(self):
         self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA256, 1024, self.sign_verify_remote_remote)
 
-    @unittest.skipUnless(pycrypto_loaded, "Requires Python Crypto package")
+    @unittest.skipUnless(pycrypto_loaded, "Requires Python Cryptodome package")
     def test_load_sign_verify_rsa_2048_sha384_remote_remote(self):
         self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA384, 2048, self.sign_verify_remote_remote)
 
-    @unittest.skipUnless(pycrypto_loaded, "Requires Python Crypto package")
+    @unittest.skipUnless(pycrypto_loaded, "Requires Python Cryptodome package")
     def test_load_sign_verify_rsa_4096_sha512_remote_remote(self):
         self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA512, 4096, self.sign_verify_remote_remote)
 
@@ -1046,15 +1044,15 @@ class TestPKeyHashing(TestCaseLoggedIn):
     def test_load_sign_verify_ecdsa_p521_sha512_remote_remote(self):
         self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA512, HAL_CURVE_P521, self.sign_verify_remote_remote)
 
-    @unittest.skipUnless(pycrypto_loaded, "Requires Python Crypto package")
+    @unittest.skipUnless(pycrypto_loaded, "Requires Python Cryptodome package")
     def test_load_sign_verify_rsa_1024_sha256_remote_local(self):
         self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA256, 1024, self.sign_verify_remote_local)
 
-    @unittest.skipUnless(pycrypto_loaded, "Requires Python Crypto package")
+    @unittest.skipUnless(pycrypto_loaded, "Requires Python Cryptodome package")
     def test_load_sign_verify_rsa_2048_sha384_remote_local(self):
         self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA384, 2048, self.sign_verify_remote_local)
 
-    @unittest.skipUnless(pycrypto_loaded, "Requires Python Crypto package")
+    @unittest.skipUnless(pycrypto_loaded, "Requires Python Cryptodome package")
     def test_load_sign_verify_rsa_4096_sha512_remote_local(self):
         self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA512, 4096, self.sign_verify_remote_local)
 
@@ -1070,15 +1068,15 @@ class TestPKeyHashing(TestCaseLoggedIn):
     def test_load_sign_verify_ecdsa_p521_sha512_remote_local(self):
         self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA512, HAL_CURVE_P521, self.sign_verify_remote_local)
 
-    @unittest.skipUnless(pycrypto_loaded, "Requires Python Crypto package")
+    @unittest.skipUnless(pycrypto_loaded, "Requires Python Cryptodome package")
     def test_load_sign_verify_rsa_1024_sha256_local_remote(self):
         self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA256, 1024, self.sign_verify_local_remote)
 
-    @unittest.skipUnless(pycrypto_loaded, "Requires Python Crypto package")
+    @unittest.skipUnless(pycrypto_loaded, "Requires Python Cryptodome package")
     def test_load_sign_verify_rsa_2048_sha384_local_remote(self):
         self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA384, 2048, self.sign_verify_local_remote)
 
-    @unittest.skipUnless(pycrypto_loaded, "Requires Python Crypto package")
+    @unittest.skipUnless(pycrypto_loaded, "Requires Python Cryptodome package")
     def test_load_sign_verify_rsa_4096_sha512_local_remote(self):
         self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA512, 4096, self.sign_verify_local_remote)
 
@@ -1094,15 +1092,15 @@ class TestPKeyHashing(TestCaseLoggedIn):
     def test_load_sign_verify_ecdsa_p521_sha512_local_remote(self):
         self.load_sign_verify_ecdsa(HAL_DIGEST_ALGORITHM_SHA512, HAL_CURVE_P521, self.sign_verify_local_remote)
 
-    @unittest.skipUnless(pycrypto_loaded, "Requires Python Crypto package")
+    @unittest.skipUnless(pycrypto_loaded, "Requires Python Cryptodome package")
     def test_load_sign_verify_rsa_1024_sha256_local_local(self):
         self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA256, 1024, self.sign_verify_local_local)
 
-    @unittest.skipUnless(pycrypto_loaded, "Requires Python Crypto package")
+    @unittest.skipUnless(pycrypto_loaded, "Requires Python Cryptodome package")
     def test_load_sign_verify_rsa_2048_sha384_local_local(self):
         self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA384, 2048, self.sign_verify_local_local)
 
-    @unittest.skipUnless(pycrypto_loaded, "Requires Python Crypto package")
+    @unittest.skipUnless(pycrypto_loaded, "Requires Python Cryptodome package")
     def test_load_sign_verify_rsa_4096_sha512_local_local(self):
         self.load_sign_verify_rsa(HAL_DIGEST_ALGORITHM_SHA512, 4096, self.sign_verify_local_local)
 
@@ -1131,7 +1129,7 @@ class TestPKeyHashing(TestCaseLoggedIn):
         self.gen_sign_verify_hashsig(1, HAL_LMS_SHA256_N32_H5, HAL_LMOTS_SHA256_N32_W4, 2352, self.sign_verify_local_local)
 
 
-@unittest.skipUnless(pycrypto_loaded, "Requires Python Crypto package")
+@unittest.skipUnless(pycrypto_loaded, "Requires Python Cryptodome package")
 class TestPKeyRSAInterop(TestCaseLoggedIn):
 
     @staticmethod
@@ -1575,7 +1573,7 @@ class TestPkeyECDSAVerificationNIST(TestCaseLoggedIn):
             py_hash   = SHA384)
 
 
-@unittest.skipUnless(pycrypto_loaded, "Requires Python Crypto package")
+@unittest.skipUnless(pycrypto_loaded, "Requires Python Cryptodome package")
 class TestPKeyBackup(TestCaseLoggedIn):
 
     oid_rsaEncryption = b"\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01"
@@ -1583,7 +1581,7 @@ class TestPKeyBackup(TestCaseLoggedIn):
 
     @staticmethod
     def parse_EncryptedPrivateKeyInfo(der, oid):
-        from Crypto.Util.asn1 import DerObject, DerSequence, DerOctetString, DerObjectId
+        from Cryptodome.Util.asn1 import DerObject, DerSequence, DerOctetString, DerObjectId
         encryptedPrivateKeyInfo = DerSequence()
         encryptedPrivateKeyInfo.decode(der)
         encryptionAlgorithm = DerSequence()
@@ -1606,7 +1604,7 @@ class TestPKeyBackup(TestCaseLoggedIn):
 
     @staticmethod
     def encode_EncryptedPrivateKeyInfo(der, oid):
-        from Crypto.Util.asn1 import DerSequence, DerOctetString
+        from Cryptodome.Util.asn1 import DerSequence, DerOctetString
         return DerSequence([
             DerSequence([pack("BB", 0x06, len(oid)) + oid]).encode(),
             DerOctetString(der).encode()
@@ -1614,15 +1612,15 @@ class TestPKeyBackup(TestCaseLoggedIn):
 
     @staticmethod
     def make_kek():
-        import Crypto.Random
-        return Crypto.Random.new().read(256//8)
+        import Cryptodome.Random
+        return Cryptodome.Random.new().read(256//8)
 
     def sig_check(self, pkey, der):
-        from Crypto.Util.asn1 import DerSequence, DerNull, DerOctetString
-        p115 = PKCS115_SigScheme(RSA.importKey(der))
+        from Cryptodome.Util.asn1 import DerSequence, DerNull, DerOctetString, DerObjectId
+        p115 = pkcs1_15.new(RSA.importKey(der))
         hash = SHA256("Your mother was a hamster".encode())
         data = DerSequence([
-            DerSequence([hash.oid, DerNull().encode()]).encode(),
+            DerSequence([DerObjectId(hash.oid).encode(), DerNull().encode()]).encode(),
             DerOctetString(hash.digest()).encode()
         ]).encode()
         sig1 = p115.sign(hash)
@@ -1643,7 +1641,7 @@ class TestPKeyBackup(TestCaseLoggedIn):
             flags = HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE | HAL_KEY_FLAG_EXPORTABLE)
         self.addCleanup(pkey.delete)
         pkcs8_der, kek_der = kekek.export_pkey(pkey)
-        kek = PKCS115_Cipher(PreloadedKey.db[HAL_KEY_TYPE_RSA_PRIVATE, 1024].obj).decrypt(
+        kek = PKCS1_v1_5.new(PreloadedKey.db[HAL_KEY_TYPE_RSA_PRIVATE, 1024].obj).decrypt(
             self.parse_EncryptedPrivateKeyInfo(kek_der, self.oid_rsaEncryption),
             self.make_kek())
         der = AESKeyWrapWithPadding(kek).unwrap(
@@ -1662,7 +1660,7 @@ class TestPKeyBackup(TestCaseLoggedIn):
                 AESKeyWrapWithPadding(kek).wrap(der),
                 self.oid_aesKeyWrap),
             kek = self.encode_EncryptedPrivateKeyInfo(
-                PKCS115_Cipher(RSA.importKey(kekek.public_key)).encrypt(kek),
+                PKCS1_v1_5.new(RSA.importKey(kekek.public_key)).encrypt(kek),
                 self.oid_rsaEncryption),
             flags = HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE)
         self.addCleanup(pkey.delete)
@@ -1800,10 +1798,10 @@ class PreloadedRSAKey(PreloadedKey):
                 k2, k2.exportKey(format = "DER"          ), keylen = keylen)
 
     def sign(self, text, hash):
-        return PKCS115_SigScheme(self.obj).sign(hash(text))
+        return pkcs1_15.new(self.obj).sign(hash(text))
 
     def verify(self, text, hash, signature):
-        return PKCS115_SigScheme(self.obj).verify(hash(text), signature)
+        return pkcs1_15.new(self.obj).verify(hash(text), signature)
 
 class PreloadedECKey(PreloadedKey):