Port from PyCrypto to cryptography, fixes #6

mitya57 · Jul 4, 2016 · e637c3b · e637c3b
1 parent e9c2cdb
commit e637c3b
Show file tree

Hide file tree

Showing 6 changed files with 24 additions and 23 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -10,7 +10,7 @@ python:
 before_install:
   - sudo apt-get update
   - sudo apt-get install -y libdbus-glib-1-dev
-install: pip install dbus-python pycrypto
+install: pip install dbus-python cryptography
 before_script:
   - git clone git://git.gnome.org/libsecret.git
 script:

diff --git a/README.rst b/README.rst
@@ -33,7 +33,7 @@ Building the module
 SecretStorage requires these packages to work:
 
 * `dbus-python`_;
-* PyCrypto_ (also `available on PyPI`_).
+* `python-cryptography_`.
 
 To build SecretStorage, use this command::
 
@@ -44,8 +44,7 @@ If you have Sphinx_ installed, you can also build the documentation::
    python3 setup.py build_sphinx
 
 .. _`dbus-python`: https://www.freedesktop.org/wiki/Software/DBusBindings/#dbus-python
-.. _PyCrypto: https://www.dlitz.net/software/pycrypto/
-.. _`available on PyPI`: https://pypi.python.org/pypi/pycrypto
+.. _`python-cryptography`: https://pypi.python.org/pypi/cryptography
 .. _Sphinx: http://sphinx-doc.org/
 
 Testing the module

diff --git a/secretstorage/dhcrypto.py b/secretstorage/dhcrypto.py
@@ -12,6 +12,7 @@
 import os
 
 from hashlib import sha256
+from cryptography.utils import int_from_bytes
 
 # A standard 1024 bits (128 bytes) prime number for use in Diffie-Hellman exchange
 DH_PRIME_1024_BYTES = (
@@ -25,19 +26,15 @@
 	0x49, 0x28, 0x66, 0x51, 0xEC, 0xE6, 0x53, 0x81, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
 )
 
-if hasattr(int, 'from_bytes'):
-	bytes_to_long = lambda bytes_array: int.from_bytes(bytes_array, 'big')
-else:
-	from Crypto.Util.number import bytes_to_long as _to_long
-	# We need to support both list and bytes input
-	bytes_to_long = lambda b: _to_long(bytes(bytearray(b)))
+# We need to support both list and bytes input
+bytes_to_long = lambda bytes_array: int_from_bytes(bytes(bytearray(bytes_array)), 'big')
 
 if hasattr(int, 'to_bytes'):
 	def long_to_bytes(number):
 		return int.to_bytes(number,
 			math.ceil(number.bit_length() / 8), 'big')
 else:
-	from Crypto.Util.number import long_to_bytes
+	from cryptography.utils import int_to_bytes as long_to_bytes
 
 DH_PRIME_1024 = bytes_to_long(DH_PRIME_1024_BYTES)
 

diff --git a/secretstorage/item.py b/secretstorage/item.py
@@ -14,7 +14,8 @@
 from secretstorage.exceptions import LockedException
 from secretstorage.util import InterfaceWrapper, bus_get_object, \
  open_session, format_secret, to_unicode, unlock_objects
-from Crypto.Cipher.AES import AESCipher, MODE_CBC
+from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
+from cryptography.hazmat.backends import default_backend
 
 ITEM_IFACE = SS_PREFIX + 'Item'
 
@@ -96,10 +97,12 @@ def get_secret(self):
 			signature='o')
 		if not self.session.encrypted:
 			return bytes(bytearray(secret[2]))
-		aes_cipher = AESCipher(self.session.aes_key, mode=MODE_CBC,
-			IV=bytes(bytearray(secret[1])))
-		padded_secret = bytearray(aes_cipher.decrypt(
-			bytes(bytearray(secret[2]))))
+		aes = algorithms.AES(self.session.aes_key)
+		aes_iv = bytes(bytearray(secret[1]))
+		decryptor = Cipher(aes, modes.CBC(aes_iv), default_backend()).decryptor()
+		encrypted_secret = bytes(bytearray(secret[2]))
+		padded_secret = decryptor.update(encrypted_secret) + decryptor.finalize()
+		padded_secret = bytearray(padded_secret)
 		return bytes(padded_secret[:-padded_secret[-1]])
 
 	def get_secret_content_type(self):

diff --git a/secretstorage/util.py b/secretstorage/util.py
@@ -11,11 +11,11 @@
 from secretstorage.defines import DBUS_UNKNOWN_METHOD, DBUS_NO_SUCH_OBJECT, \
  DBUS_SERVICE_UNKNOWN, DBUS_NO_REPLY, DBUS_NOT_SUPPORTED, DBUS_EXEC_FAILED, \
  SS_PATH, SS_PREFIX, ALGORITHM_DH, ALGORITHM_PLAIN
-from secretstorage.dhcrypto import Session
+from secretstorage.dhcrypto import Session, long_to_bytes, bytes_to_long
 from secretstorage.exceptions import ItemNotFoundException, \
  SecretServiceNotAvailableException
-from Crypto.Cipher.AES import AESCipher, MODE_CBC, block_size
-from secretstorage.dhcrypto import long_to_bytes, bytes_to_long
+from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
+from cryptography.hazmat.backends import default_backend
 
 BUS_NAME = 'org.freedesktop.secrets'
 SERVICE_IFACE = SS_PREFIX + 'Service'
@@ -94,12 +94,14 @@ def format_secret(session, secret, content_type):
 	# PKCS-7 style padding
 	padding = 0x10 - (len(secret) & 0xf)
 	secret += bytes(bytearray((padding,)) * padding)
-	aes_iv = os.urandom(block_size)
-	aes_cipher = AESCipher(session.aes_key, mode=MODE_CBC, IV=aes_iv)
+	aes_iv = os.urandom(0x10)
+	aes = algorithms.AES(session.aes_key)
+	encryptor = Cipher(aes, modes.CBC(aes_iv), default_backend()).encryptor()
+	encrypted_secret = encryptor.update(secret) + encryptor.finalize()
 	return dbus.Struct((
 		session.object_path,
 		dbus.Array(aes_iv),
-		dbus.Array(bytearray(aes_cipher.encrypt(secret))),
+		dbus.Array(bytearray(encrypted_secret)),
 		content_type
 	))
 

diff --git a/setup.py b/setup.py
@@ -40,7 +40,7 @@
 	platforms='Linux',
 	license='BSD',
 	classifiers=classifiers,
-	install_requires=['pycrypto'],
+	install_requires=['cryptography'],
 	extras_require={
 		'dbus-python': ['dbus-python'],
 	},